Focus on Data Governance This Cybersecurity Awareness Month
For 18 years, Cybersecurity Awareness Month has raised technology users’ awareness about the critical importance of cybersecurity and provided them with helpful resources to interact safely online.
This year’s observance of Cybersecurity Awareness Month could not be more critical. It is estimated that more than 2,800 ransomware attacks take place each week—that adds up to more than 145,000 ransomware attacks per year. Across the globe, companies struggle to protect the vast amounts of data they generate, while also managing complex work-from-home IT environments and battling potential ransomware attacks.
The purpose of this blog is to provide you (and your employees) with five practical ways to maximize data governance, so you can safeguard your company’s mission-critical information.
Five Ways to Maximize Data Governance
During the Egnyte Exchange Global Summit, Egnyte Chief Governance Officer Jeff Sizemore and I presented the following recommendations to improve data governance.
1. Take Control of Data Privacy
Most organizations are aware of the importance of high-profile data privacy regulations that are already in place, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). But many organizations are unaware of and/or unprepared for data privacy regulations that will impact them in the coming years, including the Virginia Consumer Data Protection Act (VCDPA), which will be effective in January 2023, and the Colorado Privacy Act, which will go into effect in July 2023. The list of data privacy regulations is only expected to grow over time.
To manage data privacy more effectively, you need a bird’s-eye view of your organization’s structured and unstructured content. Data governance capabilities such as those announced in Egnyte’s partnership with Truyo allow you to discover and access all of your structured and unstructured data, which in most organizations is traditionally spread across disparate repositories. You can also automate your subject access request (SAR) process, so you can respond to users’ requests more quickly and effectively.
2. Improve Data Visibility
In today’s business environment, data is your most valuable asset. However, you can’t manage data that you can’t see. Egnyte’s Data Governance Trends Report found that the average organization deploys 14 file repositories, and 20% of CIOs report that their organizations deploy a whopping 20 or more file storage solutions to manage their data.
Best practices to improve data visibility include the following:
- Deploy data governance technology to determine where your sensitive files are stored and utilized, so you can make informed data lifecycle decisions.
- Identify and purge redundant, obsolete, trivial and stale (ROTS) data, which will reduce the overall volume of data that you need to govern. This approach can improve users’ experience because they won’t have to wade through large volumes of obsolete content to find what they need. It can even help to reduce data storage costs.
- Automate policies for retaining, archiving, and deleting (RAD) data to improve organizational efficiency and save time.
3. Assume a Ransomware Attack Is Likely
With the escalating volume of ransomware attacks, this advice should be common knowledge at this point. Unfortunately, many organizations believe they’re too small—or their data isn’t valuable enough—to be potential ransomware victims.
Such complacency led Anne Neuberger, U.S. Deputy National Security Advisor for Cyber and Emergency Technology, to recently state the following:
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
Proven approaches to managing ransomware include the following:
- Educate your users regarding cybersecurity best practices, including not clicking on potential phishing emails or on suspicious web links.
- Consider ransomware detection technology that recognizes ransomware signatures, identifies ransomware behavior, and flags unusual file behavior such as high-volume encryption activity.
- Should your organization be infected with ransomware, immediately revoke impacted users’ credentials to stop the ransomware’s progression.
- Have a proactive ransomware recovery plan in place before an incident occurs.
- Work with a provider that can help you to restore your mission-critical files ASAP.
4. Consider Everyone as a Potential Insider Threat
At first glance, this advice can appear counter-intuitive. For your employees to be productive, you must trust them. However, recent reports have shown that up to 40% of global security incidents in 2020 were caused by inside actors. Key contributors to that figure include the less constrained, work-from-home culture during the global pandemic, as well as higher levels of employee turnover. So, it is now advisable to follow a “trust but verify” approach.
Ways to prevent insider threats include the following:
- Protect your company from potential IP theft. Determine what data is accessed, by whom, and when.
- Understand common user behavior patterns and detect anomalous behavior, including unusual file download and deletion activity.
- Augment visibility of your complete security picture by integrating your data governance solutions with your SIEM solutions.
- Gain better visibility into your organization’s connected folders. This includes folders that are stored on your users’ computers and synced with specified folders in the cloud.
5. Understand That Remote Work Is Here To Stay
Another key finding from Egnyte’s Data Governance Trends Report is that remote work is expected to continue. According to the report, 88% of IT leaders expect remote work to continue through 2022.
Best practices to protect your remote work infrastructure include the following:
- Remember that a work-from-home environment without adequate IT safeguards can be a gateway to insider threats.
- Practice defense in depth across all your organization’s IT environments.
- Restrict business users’ access to sensitive data on a need-to-know basis.
- Require users to utilize multi-factor authentication (MFA).
- Monitor for suspicious logins and take immediate action when they’re detected.
Learn More
It takes a village to promote effective cybersecurity practices, so feel free to share this article with your colleagues. For further details, watch our demo, which illustrates how you can utilize a content governance platform like Egnyte to manage your sensitive content more effectively.