Data breaches have made the headlines much too often lately and left many IT, legal and compliance departments to wonder how they would react to a breach.
But instead of reacting, you can proactively assess your risk of a data breach and work to solve any vulnerable areas during a self audit. Look to see if any of these red flags live in your data environment.
- Mystery data. Do you know the type of data located on every server, backup tapes and even hidden email files such as PSTs? Different custodians within the organization create and maintain different types of data at different levels of sensitivity. By not knowing who created what and where it is, it leaves the door open for files to get lost and fall into the wrong hands.
- Poor archiving. Do you practice value-based archiving or an archive everything strategy? The latter leaves your important, sensitive data lost among a network of junk. Data gets lost and forgotten about until misplaced.
- Duplicates. How do you manage your duplicate data and do you know where your duplicates are? It doesn’t make much sense to protect one document when hundreds of copies of it exist in the enterprise. Understand and manage duplicate data.
- Personally Identifiable Information. Does your sales or service team routinely handle credit cards, Social Security numbers or other PII? Could any of that information have been sent over email by someone who does not understand the risks? Audit your system for PII.
- Un-interpretable data. Un-interpretable data is data that belonged to an ex-employee and was created a number of years ago likely has little business value, but it is a compliance risk. It can no longer be properly interpreted in its original context. Jokes can be crimes. Misunderstandings can become lawsuits. How much turnover does your business have?
- PSTs. These sensitive little email files don’t live with the rest of the emails, often creating copies or mini archives that go unmanaged. Where do they live, who owns them and when were they last accessed?
- Executive data. How the former CEOs email is handled and how last summer’s interns email is handled should be dramatically different. Are they held in an archive on retention policies with a set expiration dates or still on the computer they used?
You likely recognized at least one flag that exists in your data center and if you found four or five, you’re with the majority of large companies. There’s help out there. Email firstname.lastname@example.org for more information or visit: indexengines.com