Determine the Value of Your Data
Once you have a great understanding of what might occur in a breach or data loss, it’s time to determine the value of your organization’s data.
This will help you determine how much effort and money should be put into protecting that data. You’ll need to consider the following:
What kind of damage could occur?
How much would it cost your company (or customers) if this happened?
What do you want to protect?
What information can be used for monetary gain or other malicious purposes?
What information does your company need to keep internally, and what should be shared externally?
When establishing the worth of your data, you must provide answers to a number of questions.
A threat is a potential source of harm. Threats can be natural or man-made and can be accidental or deliberate. Examples of threats are fire, flood, earthquake, and terrorist attacks.
Threats are always present, and they can’t be prevented entirely. The goal is not to eliminate all threats but rather to minimize their impact on your organization’s people, processes, and assets through risk management practices that identify the risks posed by various hazards in your physical environment.
Evaluate the likelihood and impact of those hazards; develop an appropriate plan for dealing with them should they occur; create effective preventive measures when possible.
Identify vulnerabilities in your existing safeguards against such hazards/risks through risk assessments; make necessary changes in policies or procedures based on what you learn from these assessments.
Before fixing a vulnerability, you must know what it is. A vulnerability is a weakness that could be exploited if not addressed.
For example, say your company has an email system, and one of your employees uses the same password across all their accounts: work accounts, bank accounts, and social media accounts.
Suppose someone could get into the employee’s email account and obtain that password (which they probably couldn’t). They would then have access to all three accounts and to any other accounts using the same password on other sites like eBay or Amazon.
Companies need to limit access points into their networks and ensure that employees use strong passwords with different combinations of letters, numbers, and punctuation marks.