In Part I of this series, I discussed how data security and privacy best practices are similar to the children’s game “Treasure Hunt,” and I offered 10 tips for protecting your booty upon arrival at your tropical island. But what are you supposed to do before you even get there? Here are seven additional best practices on how to prepare.

1. Cash Is King

Before you set out on your journey, a visit to the king is in order to secure patronage. Have you identified your executive sponsor and associated budget? If not, you may find yourself lost at sea and unable to remain afloat.

2. Watch Your Ballast

Ballast is what provides stability for your ship. Too much and you risk sinking in rough seas. In data security, the equivalent of ballast is being weighed down by manual processes and tools that don’t meet your needs. Throw them overboard! Consider using automated methods to identify what’s important, such as data sources, files and databases.

3. Beware of Traitors

A traitor could derail your entire journey by giving up your position and sharing valuable information with pirates. No one wants to talk about rogue employees and the risk of insider threats. Nevertheless, we need to be thinking like pirates at all times and anticipating all possibilities. Activity monitoring is a good way to ensure that the crew doesn’t turn against you.

4. Avoid Mutiny

If you’ve ever seen “Mutiny on the Bounty,” you know what happens when a captain does not have the crew’s respect. Worse than a traitor, your very existence could be threatened.

Being a strong leader means being clear about your team’s roles and responsibilities with respect to data protection. Who administers the policies? What mechanisms do you have in place for approvals and escalations? Using a structured approach with built-in workflows means ensuring everyone signs off on exceptions.

5. Check the Weather Often

Back in the days of sail, both wind and weather made the difference between getting to your destination, going down with the ship or succumbing to illness and starvation. In data security and privacy, the weather is the prevailing regulatory environment.

With the EU-U.S. Privacy Shield potentially replacing Safe Harbor in addition to the new EU GDPR regulations taking effect in 2018, it’s critical to understand the changes on the horizon and to anticipate how those changes might impact your plans.

6. Always Be Prepared for Battle

Being prepared means having both detective and preventive measures in place. Do you have a lookout 24 hours a day? What if a ship approaches and the pirates try to board? In data security, you must observe all activity and have a plan in place to identify and then respond to unusual activity.

Sometimes those pirates are so tricky that they foil all our best defenses, such as blocking rogue SQL, alerting, etc. How do you detect unusual data access activity patterns? This is where machine learning comes in — applying cognitive computing techniques to identify that needle in the haystack.

7. One Man’s Trash Is Another Man’s Treasure

Be careful about how you dispose of your trash. If you drop it overboard, you will be leaving valuable clues for the pirates (in addition to being a polluter).

The same is true for removing old data. It needs to be disposed of in a manner that ensures it is no longer usable. Several recent breaches involved access to unneeded data that could have been either placed into a secure archive or disposed of entirely. Old data equals risk.

Learn more about securing the data that powers your business

More from Data Protection

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…