Scene 1 – Introduction
Data is the lifeblood of any organization. Think about the data and systems you use on a daily basis. Email, stored files on your organization’s network, contact information for coworkers and customers, accounting and payroll information. All of this is data, and without it, you and your organization can’t function.
Data security is a broad term that describes how this data is protected and maintained for personal or business use. This includes ensuring that only the appropriate people have access to data and that this information is accurate and available when it is needed.
Scene 2 – Learning Objectives
This security awareness training covers the basic concepts of Data Security. In this module, we will discuss the importance of data security, who is responsible for keeping data secure, and what common practices and tools are used to ensure data security.
Scene 3 – Why is data security important?
There’s a good chance that in the past, you’ve had to deal with an email outage, the inability to access your work-related files, accidental deletion of data, and perhaps even a data breach in which an attacker stole sensitive data from your company. These scenarios are all examples of why data security is so important. Without the proper training, tools, and processes in place to protect critical data, your organization and its customers are at risk. In some cases, the theft or loss of data can even result in the failure of a business altogether.
Exercise – Business Impact
Select the possible problems a business may face as a result of a data security incident.
Try Again! A security incident can have a significant negative impact on any business.
Correct! Businesses that experience a security incident can experience downtime, loss of revenue, and possible legal action.
Scene 4 – Who is responsible for data security?
Keeping an organization’s data safe is the responsibility of every single person who comes into contact with it.
While the Information Systems or Technology department plays a critical role in protecting and maintaining data, other roles within the company are just as important in protecting important information.
At the top of an organization, it is the responsibility of executives and management to promote safe data handling policies and procedures and to reinforce the importance of security awareness training for staff at every level. It is then the responsibility of all employees to actively support these security initiatives.
Scene 5 – Data Classification
In order to protect your data, you must first identify what needs to be protected. This is done through the classification process.
If your organization has a data classification plan in place, it will help you understand what type of data you are working with, how and where that data is stored, and who should have access to it. If you are working with data that is classified, be sure to adhere to the policies your organization has created in relation to that data.
Scene 6 – Training
Scene 7 – Software
The best data security programs consist of both well-trained employees and the appropriate technology needed to maintain and protect data in digital and physical forms.
Software such as antivirus and antimalware programs help to keep malicious applications from infecting computer systems and exposing or damaging data. These tools, combined with regular operating system updates, are some of the most effective ways to protect critical data by preventing malicious software from infecting a system.
Scene 8 – Secure Storage
The manner in which data is stored is also very important in keeping it safe. Important considerations for data storage include encryption, physical security, and access permissions.
Encrypting data renders it unreadable to someone who accesses it without the authorized applications to tool. Even if an attacker is able to obtain this data, encryption prevents them from seeing the actual information.
The physical protection of data systems and hard copies of data is just as important as digitally protecting this information. From keeping physical assets such as servers and printed material safely stored in locked locations to monitoring these locations with video surveillance and protecting them with fire suppression systems, physical security is a cornerstone of any data security plan.
Finally, managing the permissions associated with an employee’s ability to access data, whether digital or physical, is an ongoing task that deserves special attention. As users move in and out of roles within an organization, their need to access different types of data will change. A user should only be allowed to access the information needed to perform the duties associated with their role.
Scene 9 – Data Backup and Recovery
As the threat from malicious programs such as malware and ransomware increases, so does the opportunity for the loss or corruption of critical data. In addition to these security threats, human error is also a common cause of data loss. To ensure that data can quickly be restored in the event of loss or corruption, a well-planned data backup and recovery strategy must be in place. Data backups provide a copy of your information which can be restored in the event of a security incident or accidental modification.
The data backup and recovery process is critical because it provides the means to recover lost data, regardless of the cause. Without this fundamental component, a business may experience significant losses if an incident occurs.
Scene 10 – Lessons Learned
In this video, we learned that businesses cannot function without access to their data. Ensuring that this data is available and accurate when it is needed is the goal of any data security plan. We explored the critical role that all employees play in protecting an organization’s data, important concepts to consider when developing a data security plan, and what common tools and processes are used to protect data.