5 Data security tips every IT manager should know

The past few months have been full of news coverage around data breaches and the need for data awareness. From hospitals to universities to children’s toys, data attacks are coming full force, and IT pros …

3 Questions answered by the Verizon Data Breach Report

Verizon’s annual Data Breach Investigations Report has become a hallmark of the security industry’s progress, as well as its preparedness against attackers and breach incidents. This year’s theme is, “Security should be a driving force, …


Great product teams play bingo, not basketball

I totally admit that I drive product folks crazy. I am a huge believer that it is the responsibility of every person in a company to help ensure complexity and gratuitous innovation don’t creep into …

Avoid scare tactics and secure your data – on a budget

When I read news about the latest security breaches, one theme always stands out – they’re purposefully terrifying. Not only because the idea of intruders gaining access to private data can be unnerving, but because vendors, media, and even end users often resort to scare tactics when expressing the urgency of security incidents.

When you’re the person tasked with protecting your company from attack, you don’t need fear to drive your decisions; you need tangible solutions and strategies to help them stick. If Frank Herbert’s “Dune” taught us anything, it’s that “fear is the mind killer.” When you’re working with a tight security budget, which is the case for many midsize organizations, actionable plans become an even bigger priority.

To make security a reality for your organization, steer clear of the hype and focus on the below tactics:

1. Determine how your organization defines “security.”

Some small businesses equate security with surveillance cameras and locks on doors. On the other hand, global enterprises invest massive amounts of time and money championing antivirus and endpoint security software to keep intruders out of their systems.

There’s no cookie-cutter answer or playbook when it comes to security, but it’s critical to have a companywide understanding of what it means for your team. To arrive at that definition, consider the size of your security team, the types of data your organization collects and stores, and the state and cost of your security breach recovery plans.

2. Take stock of your sensitive data – and who has access to it.

At the heart of every data security plan is data itself. Don’t make the mistake of building taller walls and digging deeper moats without gaining a full understanding of the sensitive information your organization is actually storing; only when you can fully audit its contents will you be prepared to design an effective protection plan.

When you search for a file that you know contains intellectual property (IP) or personally identifiable information (PII), can you determine which employees have interacted with the information in the last year? What about the changes they made, the locations to which the file has moved, or whether a former employee or contractor saved the information to a personal location before leaving the organization? To negate the effects of a security breach, you first need to understand where they take root.

3. Build a case that will resonate with your C-suite.

IT and security professionals work up close and personal with their companies’ sensitive assets. To communicate the need for improved security plans to their executive teammates – without resorting to scare tactics – they need to get out of the weeds.

Don’t focus on details and downtime when you’re approaching an executive about a change to your security strategy. Instead, avoid technical jargon and focus on common ground that matters to IT pros and the C-suite alike: the company’s bottom line.

Is your team fully leveraging its data security expertise?

1 Like
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.