Ensuring Data Security: Strategies, Tools, and Best Practices for Organizations
Explore the importance of data security, common threats, and essential tools and techniques to protect your organization's valuable information.
File
Ultimate Guide to Data Security for Businesses
Added on 10/02/2024

Speaker 1: Reliable data is the lifeblood of every organization. It's what company leaders and employees need to make decisions and solve problems. Data is key to revenue, profits, and reputation. Several years ago, the magazine The Economist declared that oil is no longer the world's most valuable resource. Data is. Unfortunately, data is more difficult to secure than oil reserves are. I'm sure you've seen the headlines. Hackers seize a company's data and demand a ransom for its return. Some disgruntled employee infiltrates and corrupts their company's data. A major retailer learns its systems were broken into, and now customer credit card numbers are up for sale on the dark web. The details of these stories vary, but they teach the same lesson. A company must keep its data secure. Data breaches are expensive because they can force downtime on a company. Then there are possible regulatory and legal fines. A data breach can also damage your customers' trust and your organization's good name. All of these can undermine your organization's competitive advantage. In worst-case scenarios, a data breach can lead to bankruptcy. Here, we'll talk about the threats, tools, and techniques you need to know about to keep your business safe. For a deeper dive, click the link above or in the description below to explore our complete collection of all things data security. Companies must prevent unauthorized access to their data and guard against efforts to manipulate or corrupt data all throughout the data's lifecycle, from creation to destruction. Insider threats are one of the biggest threats to data security. An insider threat might come from a current or former employee or a third-party partner or contractor. The insider might be malicious, like a current or former employee who uses their legitimate access privileges to corrupt or steal sensitive data, either to profit or to satisfy a grudge. But unintentional insider threats are no less dangerous. 
An innocent click on a link in a phishing email could compromise a user's credentials or unleash ransomware or other malware on corporate systems. End-user carelessness can also result in accidental exposure of sensitive data. This might look like an employee emailing confidential information to the wrong person, uploading confidential information to an unprotected cloud account, or losing a company laptop or other device without reporting it to IT. Then there's the challenge of technical misconfigurations that accidentally expose confidential data sets. There are also third-party risks to consider. Your organization is only as secure as its least secure third-party partner. Consider the infamous SolarWinds supply chain attack. The attackers targeted the networks of a vendor's customers and supposedly vulnerable third-party software was partly to blame. Other data security challenges include expanding data footprints, inconsistent data compliance laws, and increasing data longevity. In short, data security risks come in many different forms. The ultimate goal of successful data security can be summed up in the acronym CIA. C stands for data confidentiality, or keeping data private. I stands for data integrity, that is, making sure the data is complete and trustworthy. And A stands for availability, ensuring those who need the data and are authorized to use it have access to it. When any of these three, confidentiality, integrity, or availability, are compromised, the company will likely suffer in terms of reputation or financial health. So how can an organization keep its data secure? The first step is to know what data you need to protect. You can inventory data through a process known as data discovery, which helps make it easier to manage, store, and secure the information. There are four standard classification categories for data. Public information, confidential information, sensitive information, and personal information. 
Businesses need to be particularly concerned about data security for personal information. Examples of personal data include personally identifiable information, like social security numbers, protected health information, such as patient names or birthdates, electronic protected health information, like medical records on a patient portal, payment card industry, or PCI data, such as a credit card number, and intellectual property, like product information. When doing the data inventory, it's essential to keep in mind that sensitive data can reside in many locations, on premises, in the cloud, in databases, and on devices. Data may also exist in three states of being, data in motion, data at rest, and data in use. Data in motion means data that is being transported, like an email in transit. Data at rest refers to data that's stored or at a destination, that is, data that's not being transported or used. The third state is called data in use, which sounds like what it is, data that is being written, updated, changed, or processed. Organizations need to take a defense-in-depth approach to their data security strategy, which means using a combination of tools, techniques, and policies. There are various data security tools organizations can consider to keep their data secure. One is Data Lifecycle Management, or DLM. A DLM tool uses automation to apply established policies to data. DLM products ensure digital information stays accurate, confidential, secure, and available from the moment it's created until the time it's no longer needed and is destroyed. Patch management software is another helpful data security aid because it keeps data safe by detecting and fixing vulnerabilities, the type of vulnerabilities that attackers love to exploit, so they can steal or corrupt an organization's data. Analytics tools focus on user behavior. 
These types of tools, often called user behavior analytics or user and entity behavior analytics, work by flagging attempts to gain unauthorized access. These tools can also alert security teams when sensitive data is accessed an unusually high number of times. That can help organizations detect things like lateral network attacks, compromised user accounts, and insider threats. But one of the most effective data security tools is actually education, like a security awareness training program. After all, intentional and unintentional mistakes by staff, contractors, and partners pose one of the greatest threats to data security. Some other effective ways to secure data include encryption, data masking, access control, data loss prevention, and data backup. Let's look at these five in a bit more detail. Encryption converts readable plaintext into unreadable ciphertext. That's done using an encryption algorithm, or cipher. If encrypted data is intercepted, it is useless because it cannot be read or decrypted by anyone who does not have the associated encryption key. Data masking obscures data, so it can't be read. Masked data looks like authentic data, but reveals no sensitive information. Data can be masked through several different techniques, like scrambling or substitution. Data encryption and data masking are different approaches, but the end result is the same. Both create data that is unreadable if intercepted. The third method, access control, means controlling who has access to the data you want to protect. Access control involves authentication and authorization, or using processes and techniques that ensure the users trying to access the data are first, who they say they are, and second, authorized to use the data. Password hygiene is important, too. Good password hygiene means setting policies that require a minimum password length so passwords can't easily be guessed, and require users to change that password regularly. 
Data loss prevention, or DLP, is another effective way to make data more secure. A DLP platform is a tool that monitors and analyzes data for anomalies and policy violations. It can conduct data discovery, inventory, and classification, as well as analyze data to determine if it's in motion, at rest, or in use. Data backup, the fifth on the list, involves creating copies of files and databases and storing them in a secondary location. That way, if the primary data fails, is corrupted, or gets stolen, the data backup ensures it can be returned to a previous state rather than lost completely. These five items, encryption, masking, access control, DLP, and backup, are just a few tools and techniques to improve data security, but they're great places to start. No matter how big or small, every organization needs a formal data security policy. This policy will clarify and codify expectations and responsibilities when it comes to securing data. It will also help demonstrate compliance with data privacy and security regulations. But remember that while rigorously following every best practice I just outlined will help prevent a data breach, you can't guarantee data security. You have to be prepared for the worst. That's why a data security strategy needs to be coupled with a data breach response plan. A set of policies that outline how, if the worst happens, your organization will manage the financial, legal, and reputational fallout.
