FAQs on Data Security

| Updated on: April 3, 2020

Data security and safety has become one of the top priorities of any company. Irrespective of the size of the business, companies are constantly discussing about the best options available in the market to suit their data security needs. Security and privacy leaders face some critical decisions in the years ahead to ensure their organization is completely safeguarding data. The risk of not securing data and protecting privacy is too great. But many leaders are not sure where to start. Data privacy and information security can be daunting, and their teams are already overwhelmed!

While there might be unending propositions to overcome data breach, boards can take the risk management concepts they already know well and apply those to cybersecurity by properly framing the conversation using these commonly asked questions.

How prepared are we in terms of facing data breach?

While choosing an anti-malware software, you must ask yourself about your company’s current state and how prepared it is when it comes to data breach. Have a well-documented strategy and process in place and ensure that the protocol is strictly followed. It also helps to practice handling data breaches with your team during regular tabletop security exercises. These exercises help your team gauge and improve the ability to handle security incidents and data breaches in the future.

What kind of threats is our company likely to face?

Since a business has several processes and functions, it is quite tasking to understand the chances and the scale of risks. One of the most challenging aspects, while identifying potential threats is to develop an understanding the kind of attackers. At a board level, this process is very similar to the analysis that they do for identifying threats to revenue. Discussing and determining whether a revenue forecast is threatened by quality issues, labour disputes, competitive pressures, and other factors is very similar to a discussion of which threats must be considered as part of an overall cybersecurity program.

What is the impact of data breach?

Apart from leaking crucial business data, there could be other grave impacts of data breach. Data breaches and privacy compliance violations cause financial impact to businesses in the form of fines, class action lawsuits, damage to reputation, and loss of competitive advantage, to name a few. Unfortunately, there is a lot of real-world data about the costs of data breaches that can help boards arrive at a realistic number and an understanding of the wide-reaching ramifications. Company boards need to understand the impacts that result from a variety of data breaches, including accidental unauthorized access, partial data theft and data theft.

Do we incorporate ‘privacy by design’ into our IT systems?

If you take a ‘privacy by design’ approach to security, you approach your security projects by incorporating privacy and data protection from the start. Leveraging this approach helps your organization when complying with global data privacy regulations.

  • Consider incorporating ‘privacy by design’ when:
  • Deploying any new IT infrastructure that stores or processes personal data
  • Implementing new security policies or strategies
  • Sharing any data with third parties or customers
  • Using data for any analytical purposes

By incorporating ‘privacy by design,’ you are helping to minimize the risk of data loss. If you design your projects, processes, and systems with privacy in mind, you can identify problems early on and raise the level of awareness for privacy concerns in the organization.

What are the processes and places where sensitive business data is stored and how are we planning to meet data breach contingencies?

If you don’t know what data assets you hold, it’s difficult to assess what impact you might face from a data breach. You must identify and confirm with key stakeholders what data the organization stores or processes. This can be done via interviews that determine where your data repository locations reside. Make sure you investigate the following areas where data typically resides:

  • Applications (e.g., email, web, OS, etc.)
  • Folders (e.g., shared network, local)
  • Databases
  • Cloud and Third Parties
  • Removable media
  • Physical locations (e.g., cabinets, safes)
  • Test and Development networks

Scanning your entire network for data will help you assess and categorize what data could be impacted by a breach. This data mapping exercise can also help you categorize data according to sensitivity.

Who has the access to crucial business data?

Another important question to ask is who has access to sensitive information and is their access necessary for business operations. You may find that some of your end users have privileged access to sensitive data that they should not hold. You may also discover that these users are transmitting or storing sensitive data that poses a high risk for loss.

With this information, you can begin to revise your security policies to remove privileged access to sensitive data sources. You can also protect your endpoints from data exfiltration with appropriate security technologies. Or, if users need access to sensitive data and you are still concerned about a someone stealing these assets, you might deploy a data masking or encryption tool to hide sensitive data.

Do we have a regular or ongoing data audit process set up for the future?

It is important that your team regularly evaluates your data retention schedule and determines if it aligns with legal and regulatory requirements for your industry. You might find that you need to shorten or lengthen the amount of time data is kept within your recordkeeping system.

The data audit is also a time when you can answer questions about your data such as what data are we collecting now, where are we storing data, how are we protecting data, what’s the process for a data access or deletion request, and who takes responsibility to respond to data requests. The situations and outcomes to all the questions will likely change over time. You may have a different method for collecting information, or you may have someone that leaves who handles data access requests. It’s important that you stay ahead of these changes and make sure your business adapts.


Escaping from the hands of data breach is quite tricky but it isn’t impossible. Investing wisely in a software which provides you with access to data from anywhere along with complete security, will make you stay one step ahead of the companies which don’t have a protocol in place to meet these contingencies. To make data more difficult to steal, businesses must encrypt it, protect that data from unauthorized access, and control how information travels. Of course, all of this must be informed by an understanding of where valuable information resides. While it is challenging to identify the potential threats, for starters as a business owner you must ask the above questions regularly and have discussions with key stakeholders to be prepared under such circumstances.



Looking for a solution to make your business more efficient?