Black Friday Sale! 50% Off All Access

Companies Need to Take Responsibility for Protecting Sensitive User Data Stealing data is a crime but those entrusted with protecting it bear responsibility for the measures they take.

By Todd Feinman

Opinions expressed by Entrepreneur contributors are their own.

Cyber-criminals have grabbed headlines for highly-publicized data breaches in recent years. However, the greatest blame for many of these incidents is squarely on the shoulders of organizations that don't properly manage sensitive data. Harvesting personally identifiable information requires far less effort due to insufficient security controls and the mass amounts of information exposed by organizations every day. The problem is exacerbated by employees with too much access and those who accidentally share mismanaged data.

While compliance helps drive business need, it is clearly not enough as evidenced by the 2013 Target breach and many subsequent retail industry breaches in 2014. A holistic approach to risk that includes data discovery, data classification and data protection is the most effective in preventing critical information from getting into the wrong hands.

Related: Target CIO Out Following Data Breach

Changing the breach mindset.

Organizations in all industries must stop working under the assumption of "if," and instead, build strategies around "when" a data breach will occur. The bad guys are only getting better at what they do, and are often ahead of the security curve. When companies rely too heavily on securing the perimeter instead of managing the items within the perimeter, they're setting themselves up for a more damaging breach.

A strong defense is important and necessary, but consider this analogy. If the world thinks you keep a pile of cash in your car, someone will try breaking in to steal it, even if the door is locked. If they knew it was secured in a safe or didn't know it existed, they likely would not bother breaking in.

Greater attention to Sensitive Data Management.

Sensitive data management is a strategy that incorporates people, process and technology focused on data discovery, classification, security governance and protection. Sensitive data management can include the usage of data loss prevention technology, but as a whole it is a comprehensive strategy to know where your data is, what is at risk, who has access, when it is touched and how to protect it. Most organizations incorporate these steps into their sensitive data management best practices:

  • Defining what the organization deems as sensitive information.
  • Knowing where sensitive data is and who has access.
  • Classifying data in terms of importance and potential harm to your organization, if stolen.
  • Identifying who the data owner is.
  • Governing the accountability of data owners.
  • Determining if data is necessary or obsolete and if it poses unnecessary risk.
  • Eliminating data as soon it is no longer necessary or protecting it if it must exist.

Related: 4 Ways to Mount a Cyber Defense in Light of the U.S. Military's Social-Media Hack

The consequences of not employing effective sensitive data management strategies are quite severe, as many breached organizations have learned. It can take many years to undo the damaging impact of data breaches that are exacerbated by improper sensitive data management controls, if they can be remedied at all. Some consequences include:

  • Compliance fines, legal costs and insurance premium hikes. From HIPAA to SOX to PCI-DSS 3.0, there are any number of regulations that require organizations to protect this data and levy monetary penalties for not doing so. As a result, legal spend and insurance premiums also increase.
  • Lingering sales drop. Studies have shown that in the finance, retail and healthcare industries, up to a third of consumers will stop doing business with organizations that are breached.
  • Increased IT cost and inefficiency. Excessive data is not only a recipe for a breach nightmare, but it takes up space valuable on your network.

Organizations in all industries need to do a better job of managing sensitive data. Many are holding on to sensitive data they don't even know they have and are at great risk that it could be stolen or exposed. In a day when cyber criminals are sharpening their skills on a daily basis, businesses should take inventory of every piece of data they own, classify it, protect it and govern its access. Getting breached is bad enough, but losing data that had no business being there in the first place is even worse.

Related: Home Depot Suffers Possible Data Breach, Tries to Ease Customer Fears

Todd Feinman

President and CEO of Identity Finder

Todd Feinman is president and CEO of Identity Finder, co-founding the company in 2001. He is an expert in sensitive data management and an internationally published author. Todd has a Master in Business Administration from Harvard Business School and a Bachelor’s of Science from Lehigh University.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Living

These Are the 'Wealthiest and Safest' Places to Retire in the U.S. None of Them Are in Florida — and 2 States Swept the List.

More than 338,000 U.S. residents retired to a new home in 2023 — a 44% increase year over year.

Starting a Business

This Sommelier's 'Laughable' Idea Is Disrupting the $385 Billion Wine Industry

Kristin Olszewski, founder of Nomadica, is bringing premium wine to aluminum cans, and major retailers are taking note.

Business News

DOGE Leaders Elon Musk and Vivek Ramaswamy Say Mandating In-Person Work Would Make 'a Wave' of Federal Employees Quit

The two published an op-ed outlining their goals for their new department, including workforce reductions.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

These Are the Highest Paying Jobs Available Without a College Degree, According to a New Report

The median salaries for these positions go up to $102,420 per year.

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.