Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum.

The sheer number of threats to your data — both external and internal — are increasing exponentially, so maintaining a robust data security posture is paramount. From a data protection standpoint, perhaps the most difficult challenge to address is that business-critical data worth protecting now takes so many different forms. Intellectual property, financial data, business confidential information, PII, PCI data, and more create a very complex environment.

Traditional data protection methods, like writing a rule to determine what data is worth protecting, are not enough in today’s cloud-centric environment. And think about how easy it is for your employees to create, modify and share sensitive content with anyone. Your sensitive data is constantly at risk from data loss, and relying on employees to ensure that data is shared with the right people at all times is ineffective.

In fact, according to the 2023 Verizon Data Breach Investigations report, 74% of all breaches involve the human element — either via social engineering error, privilege misuse, or use of stolen credentials. Concentric AI’s own 2023 Data Risk Report research reports that, on average, each organization had 802,000 data files at risk due to oversharing — that’s 402 files per employee. The risk to data is enormous.

As Cybersecurity Awareness Month approaches, it’s is a good reminder that data security posture management (DSPM) is critical for organizations to implement for visibility into actionable insights on how to mitigate data security risk. DSPM empowers organizations to:

  • Identify all sensitive data
  • Monitor and identify risks to business-critical data
  • Remediate and protect that information
The following Data Security Posture Management (DSPM) checklist elements combined with new initiatives for Cybersecurity Awareness Month can help you create a comprehensive five-step guide through Awareness, Action and What You Need to Know:

1. Data Sensitivity: The Foundation of Security

Awareness: It is critical to be able to discover and identify your at-risk data. Knowing where your sensitive data resides is the first step in securing it.

Action: Host workshops and webinars to educate employees about the types of sensitive data (PII, IP, etc.) in your organization, and why it’s crucial to protect them.

What You Need to Know: Understanding the types of data you’re handling can make a huge impact. Employees should be aware of what constitutes sensitive data and the risks associated with mishandling it. Workshops can cover topics like data classification, secure handling of PII, and the importance of data encryption.

2. Contextual Awareness: More Than Just Data Types

Awareness: Organizations must be able to understand the context of their data. Data is not just about types but also about the context around it.

Action: Use real-world examples to show how data can be misused if taken out of context. Encourage employees to think before they share.

What You Need to Know: Context matters. Data that seems harmless can become a security risk when placed in a different context. Employees need to be aware of and trained to consider the broader implications of the data they handle, including how it interacts with other data and systems.

For example, consider an employee’s first name. On its own, a first name like "John" seems harmless. But combined with other pieces of data such as a last name, email address, or office location, it can be used to craft a convincing phishing email. Imagine if you receive an email that addresses you by your full name and references your specific office location or recent company activities. It would appear legitimate and could trick an unsuspecting employee into revealing sensitive information or clicking on a malicious link.

3. Risk Assessment Drills: Preparing for the Worst

Awareness: Organizations need to understand where there is risk to sensitive data in order to protect it. Knowing the vulnerabilities can help in crafting better security policies.

Action: Conduct mock drills to simulate scenarios where sensitive data might be at risk due to inappropriate permissions or risky sharing. This happens far more often than you think.

What You Need to Know: Mock drills can help employees understand the real-world implications of data breaches. These drills can simulate phishing attacks, unauthorized data sharing, and even insider threats. The key is to help employees understand the importance of following data security protocols. Hint: while employees need to know these implications, your organization should be leveraging solutions that reduce the burden on employees.

4. Permission Audits: Who Has Access?

Awareness: It is very important for organizations to be able to track and understand data lineage and permissions. Knowing who has access to what data is crucial.

Action: Dedicate a week to auditing and correcting data permissions across all platforms. Make it a company-wide initiative.

What You Need to Know: Regular audits of data permissions can prevent unauthorized or risky access to sensitive information. During Cybersecurity Awareness Month, make it a point to review and update permissions, ensuring that employees have access to only the data necessary to do their jobs. The principles of least privilege and zero trust are applicable here.

5. Actionable Insights: The Path Forward

Awareness: Finally, organizations need to be able to take action and remediate any risk. Proactive measures can significantly reduce the risk of a data breach.

Action: Share weekly insights on the company’s data risk posture. Highlight any successful remediations as well as areas that need attention.

What You Need to Know: Transparency is key. Sharing insights about the company’s data risk posture can empower employees to take individual actions that contribute to the organization’s overall security. Celebrate the wins, but also highlight any underlying risks that need to be mitigated.

Cybersecurity is a shared responsibility, and Cybersecurity Awareness Month is the perfect time to reinforce this message. Combining data security awareness with robust DSPM is key for keeping data secure.

All organizations can achieve a strong level of data security via a solid cybersecurity awareness program, and by following tips and best practices in order to minimize the impact of a data breach. Having the best of both worlds is achievable with a security-aware workforce and a robust DSPM solution.


  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity


New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3