It seems like every week there’s another data breach in the news and the fallout that both the company and its customers experience is front and center. Meanwhile, as organizations continues to digitize sensitive data, they assume ever-greater risks with the storage and processing of that information. 

Organizations that maintain critical information and assets such as customer data, intellectual property, trade secrets or other regulated content naturally bear the greatest risks. But with a every organization has sensitive data and therefore needs a clear data audit and recovery plan.

Oh, and one more thing: The best time to implement that plan is before — not after — your data is breached. 

Data Audits Are Good. Really! 

Putting in place a solid, data-centric approach to auditing and protecting your enterprise will go a long way toward preparing your company for issues it may face concerning compliance and governance.  

Viewed proactively, an audit shouldn’t be seen as a negative but rather as an opportunity to look closely at the policies your organization currently has in place to govern its data, as well as gain insight into how to strengthen those policies to avoid future incidents.

Who Had Access?

When an audit begins, the conversation usually starts by asking who had access to what. In essence, your organization is trying to learn the answers to three questions:

  1. What could the hackers do with the breached data? 
  2. What did they do with the breached data? 
  3. Where is the breached data now?

Having this information allows your company’s auditors to piece together a full audit trail. Was the data misused? Was it exposed? Where does it currently live? However, providing a comprehensive list of your company’s entire data footprint won’t always be possible or practical: In those cases, you’ll need to center your audit reports on prioritizing which data should be protected.

Protecting the Crown Jewels

In other words, your organization needs to know how to locate its data “crown jewels.” For that reason, any thorough audit plan hinges on your organization’s ability to understand precisely what data it has.  

Armed with that information, recovering from an audit becomes a three-step process:

Learning Opportunities

1. Discover and Classify: Know Where Your Data Lives

To respond to any audit request, your first step must be to understand where the breached data resided before the breach. Understanding where your most sensitive data was will give you an easy-to-understand view of the breach risk associated with that system or location within your infrastructure.

What’s more, having an accurate picture of where your information was and now is can inform your future security policies and ensure that your beefed-up security policies will be protecting the right data in the right locations going forward. 

2. Secure and Police: Create a Complete Security Policy

Once you have identified where your most sensitive data lives, you can begin to apply your security policies to it. Such policies can range from simply restricting access based on content type or metadata to more complex solutions like managing tags inside of documents and using data-centric audit and protection tools.

Leveraging technology to police your content will provide you with a complete security solution for your data that will quickly allow you to narrow down what information you will present to an auditor. Putting comprehensive security policies in place throughout your infrastructure that prepare you to respond quickly to a breach can go a long way toward creating an acceptable level of protection. For example, I worked with a large enterprise customer that had its fines reduced significantly after demonstrating its proactive protocols to the audit authority following a breach.

3. Recertify and Report: Ensure Regular Recertification

Recertification is vital because it allows you to show that you have addressed your security issues and put accountability measures into place. You can use this recertification process to show an auditor that a data trail exists, where your data lives and how data owners are being held accountable for that data. 

Though it may seem that recertification of these processes is the least important step, it provides future protection for any audits or breaches that may occur. With recertification, you can ensure that the focus is on how you are going to prevent the next breach and protect not only your company’s data, but its bottom line as well.

Title image "Security" (CC BY 2.0) by  Incase.