Protecting Sensitive Data: 4 Things To Keep In Mind

Brian Thomas | July 9, 2020 | tag: Cybersecurity

Given the recent security breaches and reported hacking attempts, it is increasingly important for companies to have a handle on their most sensitive data. Sensitive data includes employees’ personal information, customer information, trade secrets, and any other data whose exposure to an attacker would harm the company or the people it holds data about. To identify your organization’s sensitive data points, refer to our recent article highlighting 5 examples of sensitive data.

Once you’ve identified the data points you need to protect, it’s time to act. Keep the following things in mind when creating a process for protecting internal data, as well as data stored with third parties:

How Businesses Protect Sensitive Data

  1. Have the right organizational structure in place. To successfully manage sensitive information you need a cross-organizational team composed of people from different functions and positions. The team works together to identify cyber risks and is proactive about fixing them.
  2. Make sure the right internal data controls are in place. Every employee in your organization should understand why cybersecurity matters for data protection, and should be trained on the data-handling protocols your organization deems appropriate. You’ll also want to take inventory of who has access to your sensitive data and whether that access is still warranted; access that is no longer needed, or was never justified by the person’s role, should be removed.
  3. Implement a comprehensive third-party risk management (TPRM) plan. A TPRM plan sets out the measures your organization takes to prevent issues caused by third-party or vendor relationships. While every company tries to assess those risks at the outset, you should have an ongoing plan to manage them that includes the following steps:
    1. Up-to-date list of tiered third parties. Knowing the full cyber footprint of each vendor connected to your organization is important—but tiering those vendors based on how much sensitive data they have access to is even more critical.

      For proof, just look at Target’s 2013 breach, which compromised the sensitive information of over 70 million customers. The intrusion began with network credentials stolen from Target’s HVAC vendor, which the attackers used to reach Target’s systems. It doesn’t matter whether the vendor is small or seemingly insignificant. What matters is how much access it has, because that access can cause major damage if the vendor is compromised.
    2. A current cybersecurity assessment of top-tier vendors to ensure you know how your vendors are performing in terms of industry standards at a given moment in time. You can collect vendor assessment data through:
      • Vendor questionnaires
      • Performing an on-site assessment
      • Reviewing documentation
      • Performing a penetration test
    3. A review of current vendor contracts. Once you’ve gotten a better idea of how your top-tier vendors perform in the cybersecurity space, you need to be sure you’re protected with written contracts. When you revisit current contractual agreements and begin writing new ones, consider what level of security each vendor needs to meet and what standards to hold them to.
  4. Implement the right technology to protect your data. Technology should be used to reduce or eliminate leaks of sensitive information, and continuous monitoring of critical vendors is key. BitSight provides historical information about your vendors in the form of a security rating, similar to a consumer credit score. Cybersecurity is becoming a critical topic in boardrooms today, and it’s more important than ever to have a handle on your security posture and to have procedures in place for monitoring your data security.
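As an added illustration of steps 2 and 3.1 above (this is example code written for this page, not BitSight’s code or a BitSight feature), the following Python runs an access review over a constructed inventory of grants: it flags grants whose role is not permitted the data’s classification, or that have gone unused past a staleness threshold, and it tiers vendors by the most sensitive data they can reach. The role allowlist, the 90-day staleness threshold, the tiering thresholds and the inventory itself are assumptions made for the example.

```python
"""Access review and vendor tiering over a constructed access inventory.

Added example, not BitSight's code. Everything below (classification scale,
role allowlist, thresholds, sample grants) is an assumption for illustration;
a real programme would derive these from its own data classification policy
and identity/access exports.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Classification scale, least to most sensitive (assumed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Which roles may hold which classifications (assumed allowlist).
ROLE_ALLOWLIST = {
    "hr": {"public", "internal", "confidential", "restricted"},
    "engineering": {"public", "internal", "confidential"},
    "marketing": {"public", "internal"},
    "facilities": {"public"},
}

STALE_DAYS = 90          # unused for longer than this -> flagged (assumed)
TIER1_RECORDS = 1_000_000  # confidential records that alone make a vendor tier 1 (assumed)


@dataclass(frozen=True)
class Grant:
    principal: str            # user or vendor account
    principal_type: str       # "employee" or "vendor"
    role: str
    dataset: str
    classification: str
    records: int              # approximate number of records in the dataset
    last_used: Optional[date] # None = never exercised


def review_grants(grants, today):
    """Return (principal, dataset, reason) for every grant that is not warranted.

    A grant is unwarranted if the role is not allowed the classification at all,
    or if the access has not been used within STALE_DAYS.
    """
    findings = []
    for g in grants:
        allowed = ROLE_ALLOWLIST.get(g.role, set())
        if g.classification not in allowed:
            findings.append((g.principal, g.dataset, "role not permitted this classification"))
        elif g.last_used is None or (today - g.last_used).days > STALE_DAYS:
            findings.append((g.principal, g.dataset, f"stale: unused for more than {STALE_DAYS} days"))
    return findings


def tier_vendors(grants):
    """Map each vendor to a tier from the most sensitive data it can reach.

    Tier 1: any restricted data, or >= TIER1_RECORDS confidential records.
    Tier 2: any other confidential data.  Tier 3: internal/public only.
    Records are summed only across datasets at the vendor's highest level.
    """
    reach = {}  # principal -> (highest level, records at that level)
    for g in grants:
        if g.principal_type != "vendor":
            continue
        lvl = LEVELS[g.classification]
        cur_lvl, cur_rec = reach.get(g.principal, (-1, 0))
        if lvl > cur_lvl:
            reach[g.principal] = (lvl, g.records)
        elif lvl == cur_lvl:
            reach[g.principal] = (lvl, cur_rec + g.records)
    tiers = {}
    for vendor, (lvl, recs) in reach.items():
        if lvl == LEVELS["restricted"] or (lvl == LEVELS["confidential"] and recs >= TIER1_RECORDS):
            tiers[vendor] = 1
        elif lvl == LEVELS["confidential"]:
            tiers[vendor] = 2
        else:
            tiers[vendor] = 3
    return tiers


# Constructed sample inventory (not real data).
TODAY = date(2020, 7, 9)
SAMPLE_GRANTS = [
    Grant("alice", "employee", "hr", "payroll", "restricted", 2_000, date(2020, 7, 1)),
    Grant("bob", "employee", "engineering", "customer_db", "confidential", 5_000_000, date(2020, 6, 30)),
    Grant("carol", "employee", "marketing", "customer_db", "confidential", 5_000_000, date(2020, 7, 2)),
    Grant("dave", "employee", "engineering", "source_code", "confidential", 10, date(2020, 1, 15)),
    Grant("hvac-vendor", "vendor", "facilities", "building_network", "internal", 0, date(2020, 7, 8)),
    Grant("payments-vendor", "vendor", "engineering", "customer_db", "confidential", 5_000_000, date(2020, 7, 8)),
    Grant("swag-vendor", "vendor", "marketing", "newsletter_list", "internal", 50_000, None),
]

if __name__ == "__main__":
    for principal, dataset, reason in review_grants(SAMPLE_GRANTS, TODAY):
        print(f"REVIEW {principal:16} {dataset:18} {reason}")
    for vendor, tier in sorted(tier_vendors(SAMPLE_GRANTS).items(), key=lambda kv: kv[1]):
        print(f"TIER {tier} {vendor}")
```

On the sample inventory the review flags carol (marketing role reaching confidential data), dave (engineering access unused since January), the HVAC vendor (a facilities role on an internal network segment) and the swag vendor (access never exercised), while tiering puts the payments vendor in tier 1 and the two others in tier 3. The point of separating the two functions is that tiering answers "how much would it hurt if this vendor were compromised", whereas the review answers "should this access exist at all"; both feed the assessment and contract steps that follow.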

Begin Protecting Your Sensitive Data Today

Do you know how secure your third party vendors are? Are you meeting all of the global regulatory requirements surrounding the storage of consumer data? BitSight provides regulatory navigation through today’s complex world to help protect both your sensitive data points as well as your company reputation among peers.


The content in this piece was originally published by BitSight in April of 2017, and has been updated as of July 2020. This updated version includes current information about BitSight, our security rating and third-party monitoring software, and the cybersecurity space.
