For 19 years, Cybersecurity Awareness Month has raised technology users’ awareness about the critical importance of cybersecurity and provided them with helpful resources to interact safely online.
This year’s observance of Cybersecurity Awareness Month could not be more critical. After peaking in 2021, ransomware attacks in 2022 are on par to comfortably exceed the volume that occurred in 2020. Across the globe, companies struggle to protect the vast amounts of data they generate, while also managing complex work-from-home IT environments and battling potential ransomware attacks.
The purpose of this blog is to provide you with five practical ways to maximize data governance, so you can safeguard your client’s mission-critical information.
1. Prepare for the Looming Data Privacy Regulations in 2023
Most organizations are aware of the importance of high-profile data privacy regulations that are already in place, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which will be replaced by the California Consumer Privacy Rights Act (CPRA) on January 1, 2023. Also on January 1, 2023 the Virginia Consumer Data Protection Act (VCDPA), will go into effect, followed later by the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA) and Utah Consumer Privacy Act.
To manage data privacy more effectively, you need a bird’s-eye view of your client’s structured and unstructured content. Proper data governance should include the ability to discover and classify all of the structured and unstructured data, which is traditionally available in disparate repositories across most organizations. This can also help automate your subject access request (SAR) process, so you can respond to users’ requests more quickly and effectively.
2. You Can’t Manage Data that you Can’t See
Egnyte’s Cybersecurity Trends for Mid-Sized Organizations Report found that 94% of respondents’ organizations have 6 or more data repositories, with some reporting that they manage more than 20. It’s really hard to manage data that you can’t see. Here are some best practices that will help improve data visibility:
- Deploy data governance technology to determine where sensitive files are stored and utilized, so you can make informed data lifecycle decisions.
- Identify and purge redundant, obsolete, trivial and stale (ROTS) data, which will reduce the overall volume of data that you need to govern. This approach can improve users’ experience because they won’t have to wade through large volumes of obsolete content to find what they need. It can even help to reduce data storage costs.
- Automate policies for retaining, archiving, and deleting (RAD) data to improve organizational efficiency and save time.
3. It’s Not If, But When A Ransomware Attack Will Happen
With the escalating volume of ransomware attacks, this advice should be common knowledge at this point. Unfortunately, many organizations believe they’re too small—or their data isn’t valuable enough—to be potential ransomware victims.
Such complacency led Anne Neuberger, U.S. Deputy National Security Advisor for Cyber and Emergency Technology, to state the following:
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
Proven approaches to managing ransomware include the following:
- Educate your users regarding cybersecurity best practices, including not clicking on potential phishing emails or on suspicious web links.
- Consider ransomware detection technology that recognizes ransomware signatures, identifies ransomware behavior, and flags unusual file behavior such as high-volume encryption activity.
- Should your organization be infected with ransomware, immediately revoke impacted users’ credentials to stop ransomware’s progression.
- Have a proactive ransomware recovery plan in place before an incident occurs.
- Work with a provider that can help you restore your mission-critical files ASAP.
4. Any Employee Could Represent an Insider Threat
In order for employees to be productive, they must be given trust. At first glance, this advice can appear counter-intuitive. However, a recent report has shown that insider breaches are over ten times more costly than those by external parties. Key contributors to that figure include the less constrained, work-from-home culture during the global pandemic, as well as higher levels of employee turnover. So, it is now advisable to follow a “trust but verify” approach.
Ways to prevent insider threats include the following:
- Protect your company and your client’s company from potential IP theft. Determine what data is accessed, by whom, and when.
- Understand common user behavior patterns and detect anomalous behavior, including unusual file download and deletion activity.
- Augment visibility of your complete security picture by integrating your data governance solutions with your SIEM solutions.
- Gain better visibility into the organization’s connected folders. This includes folders that are stored on users’ computers and synced with specified folders in the cloud.
5. Remote Work is not Going Away
According to a McKinsey report, 87% of workers will continue working from home if allowed.
Best practices to protect remote work infrastructure include the following:
- Remember that a work from home environment—without adequate IT safeguards—can be a gateway to insider threats.
- Practice defense in depth across all your organization’s IT environments.
- Restrict business users’ access to sensitive data on a need-to-know basis.
- Require users to utilize multi-factor authentication (MFA).
- Monitor for suspicious logins and take immediate action when they’re detected.
Learn More
It takes a village to promote effective cybersecurity practices, so feel free to share this article with your colleagues. For further details, check out this product tour, which illustrates how you can utilize a content governance platform like Egnyte to manage your sensitive content more effectively. For more information about joining our Egnyte Partner Program visit www.egnyte.com/msp.
Guest blog courtesy of Egnyte. Read more Egnyte guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.
