Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

October is Cybersecurity Awareness Month, and year after year most tips for security hygiene and staying safe have not changed. We’ve seen them all: use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are sound recommendations and are as relevant today as they’ve ever been. But times have changed, and these best practices can no longer be the bare minimum.

The sheer number of threats to your data, both external and internal, is increasing exponentially, so maintaining a robust data security posture is paramount. From a data protection standpoint, perhaps the most difficult challenge to address is that business-critical data worth protecting now takes so many different forms. Intellectual property, financial data, business confidential information, PII, PCI data, and more create a very complex environment.

Traditional data protection methods, like writing a rule to determine what data is worth protecting, are not enough in today’s cloud-centric environment. And think about how easy it is for your employees to create, modify and share sensitive content with anyone. Your sensitive data is constantly at risk from data loss, and relying on employees to ensure that data is shared with the right people at all times is ineffective.

In fact, according to the 2023 Verizon Data Breach Investigations Report, 74% of all breaches involve the human element, whether via social engineering, error, privilege misuse, or use of stolen credentials. Concentric AI’s own 2023 Data Risk Report found that, on average, each organization had 802,000 data files at risk due to oversharing, or 402 files per employee. The risk to data is enormous.

As Cybersecurity Awareness Month approaches, it is a good reminder that data security posture management (DSPM) is critical for organizations to implement, because it gives them visibility and actionable insights into how to mitigate data security risk. DSPM empowers organizations to:

  • Identify all sensitive data
  • Monitor and identify risks to business-critical data
  • Remediate and protect that information

The following Data Security Posture Management (DSPM) checklist elements, combined with new initiatives for Cybersecurity Awareness Month, can help you create a comprehensive five-step guide through Awareness, Action and What You Need to Know:

1. Data Sensitivity: The Foundation of Security

Awareness: It is critical to be able to discover and identify your at-risk data. Knowing where your sensitive data resides is the first step in securing it.

Action: Host workshops and webinars to educate employees about the types of sensitive data (PII, IP, etc.) in your organization, and why it’s crucial to protect them.

What You Need to Know: Understanding the types of data you’re handling can make a huge impact. Employees should be aware of what constitutes sensitive data and the risks associated with mishandling it. Workshops can cover topics like data classification, secure handling of PII, and the importance of data encryption.

2. Contextual Awareness: More Than Just Data Types

Awareness: Organizations must be able to understand the context of their data. Data is not just about types but also about the context around it.

Action: Use real-world examples to show how data can be misused if taken out of context. Encourage employees to think before they share.

What You Need to Know: Context matters. Data that seems harmless can become a security risk when placed in a different context. Employees need to be aware of and trained to consider the broader implications of the data they handle, including how it interacts with other data and systems.

For example, consider an employee’s first name. On its own, a first name like "John" seems harmless. But combined with other pieces of data such as a last name, email address, or office location, it can be used to craft a convincing phishing email. Imagine if you receive an email that addresses you by your full name and references your specific office location or recent company activities. It would appear legitimate and could trick an unsuspecting employee into revealing sensitive information or clicking on a malicious link.

3. Risk Assessment Drills: Preparing for the Worst

Awareness: Organizations need to understand where there is risk to sensitive data in order to protect it. Knowing the vulnerabilities can help in crafting better security policies.

Action: Conduct mock drills to simulate scenarios where sensitive data might be at risk due to inappropriate permissions or risky sharing. This happens far more often than you think.

What You Need to Know: Mock drills can help employees understand the real-world implications of data breaches. These drills can simulate phishing attacks, unauthorized data sharing, and even insider threats. The key is to help employees understand the importance of following data security protocols. Hint: while employees need to know these implications, your organization should be leveraging solutions that reduce the burden on employees.

4. Permission Audits: Who Has Access?

Awareness: It is very important for organizations to be able to track and understand data lineage and permissions. Knowing who has access to what data is crucial.

Action: Dedicate a week to auditing and correcting data permissions across all platforms. Make it a company-wide initiative.

What You Need to Know: Regular audits of data permissions can prevent unauthorized or risky access to sensitive information. During Cybersecurity Awareness Month, make it a point to review and update permissions, ensuring that employees have access to only the data necessary to do their jobs. The principles of least privilege and zero trust are applicable here.

5. Actionable Insights: The Path Forward

Awareness: Finally, organizations need to be able to take action and remediate any risk. Proactive measures can significantly reduce the risk of a data breach.

Action: Share weekly insights on the company’s data risk posture. Highlight any successful remediations as well as areas that need attention.

What You Need to Know: Transparency is key. Sharing insights about the company’s data risk posture can empower employees to take individual actions that contribute to the organization’s overall security. Celebrate the wins, but also highlight any underlying risks that need to be mitigated.

Cybersecurity is a shared responsibility, and Cybersecurity Awareness Month is the perfect time to reinforce this message. Combining data security awareness with robust DSPM is key for keeping data secure.

All organizations can achieve a strong level of data security via a solid cybersecurity awareness program, and by following tips and best practices in order to minimize the impact of a data breach. Having the best of both worlds is achievable with a security-aware workforce and a robust DSPM solution.
