I have been working in the field of cybersecurity for close to a decade now. I love my job. I help protect organizations from a variety of threats. I work with large corporations, small businesses and even non-profits. Over the course of my time in the field I have seen cyber attacks become more and more prevalent. That is why it is so important for the people in charge of their organization to understand exactly what it is they store within their computers.
As a cybersecurity consultant it is my job to perform risk assessments. This is a tedious but necessary task. The first thing I do when I walk into an organization is interview the individuals that are in charge. This is a great first step to understand what the organization does but it does not always provide me with accurate information.
There is always one question I ask that I can almost guarantee will give me an inaccurate response. This question is, “What type of sensitive data do you store within your computer network?”
It is not uncommon for some of these business owners to tell me that they do not store any sensitive information on their systems when in fact, they do. It is for this reason that I always ask for permission to run a scan on their network that will look for sensitive information.
A quick scan of a computer can reveal startling results. The same business owner that swore that there was no sensitive information stored on their computer often recants when I show them the results. I often find credit card numbers, social security numbers and other information that they didn’t even realize was there.
This type of data is not the only sensitive data that an organization should be worried about. The European Union is known to be much more strict when it comes to protecting the privacy of their citizens. They recently became even more stringent with the introduction of the General Data Protection Regulation (GDPR) on May 25th, 2018.
If you do not do business in the EU you may not have to worry about GDPR, but you do have to worry about things like PCI-DSS, HIPAA and Sarbanes-Oxley (SOX). Failing to adhere to these regulations can result in large fines and other serious consequences.
So what type of data do you need to protect?
Sensitive PII or Personally Identifiable Information is information which, when disclosed, could result in harm to an individual whose privacy has been breached. Information can include biometric data, medical information, social security numbers, passport numbers and more.
Protecting this information is vitally important for your organization and it should not be taken lightly. That is why we highly recommend consulting with a cybersecurity professional. These professionals are thoroughly trained in the various laws and regulations pertaining to information technology. While no one can ever guarantee that your network is 100% secure they can help you mitigate risk and help ensure you are practicing due diligence.
Thank you for reading. We hope you found this information useful.