The rise of globally dispersed workforces and new work from home requirements are placing extraordinary pressure on every organization’s cybersecurity. And wherever there is upheaval, so cyber criminals thrive. Alongside the devastating health and economic impacts of the coronavirus pandemic, we have also seen an escalation in cyber-attacks. A recent CISO/CIO survey, looking at cybersecurity challenges in large financial services (FS) organizations, revealed that 45% of respondents have seen an increase in the number of cybersecurity attacks since the pandemic began, while almost two thirds had suffered a cyber-attack in the last 12 months.
Naturally, an increase in cyber-threats puts an organization at a heightened risk of a data breach, the average cost of which is also on the rise. Although it varies from year to year, latest reports suggest the average cost of a data breach has risen by 10% over a five-year period to $3.86M in 2020. Add in long-term reputational damage to your brand, and you have a good number of reasons why it’s important to ensure that data is appropriately handled, classified, and stored.
In response to the year’s unprecedented challenges, 92% of CISO/CIOs working in FS organizations increased their cybersecurity investment, 26% significantly so, with a focus on investing in secure file transfer (64%) and increased automation (50%) moving forward. This focus is especially important when you consider that users are operating away from the normal office environment, which further increases the risk of data being accidentally shared.
This is where employees play a vital role in ensuring the organization maintains a strong data security posture, and for this to be effective, regular awareness training is required. In our survey, 45% of CISO/CIOs had re-evaluated their cybersecurity training and policies to better reflect the increased levels of home working – a positive step and one that encourages employees to be security assets not liabilities during this difficult time.
To further protect employees and sensitive data, the onus is also on organizations to invest in technologies that help stop the inadvertent and accidental misuse of data. The foundations of a strong data security posture start with data classification tools that label emails, documents and files according to their sensitivity and importance to the organization. Not only does this indicate to the wider technology ecosystem which data security policies to apply, but it’s also a visible reminder to users, helping them understand and correctly handle the different types of data throughout their lifecycle.
Using data classification tools and best practices helps facilitate compliance with regulations such as GDPR, HIPPA, CCPA and more. They also extend the value and effectiveness of other information governance solutions working in the technology ecosystem – adding new levels of intelligence to data loss prevention and data archiving solutions. Data classification enhances the performance of these tools as they read the metadata applied during the classification process to determine how the data should be treated, handled, stored, and disposed of during its lifetime.
Recognizing the strategic value of data classification, Fortra added the two leading technology providers, Titus and Boldon James, to its data security portfolio. The solutions allow users to classify both their emails and documents according to their sensitivity, using both visual and metadata labels. Once labelled the data is controlled to ensure that emails, documents, and files are only sent to those who need to receive them, protecting sensitive data from accidental or malicious data loss.
With remote working likely to remain in place for some time, making sure employees have the knowledge and technology tools in place to minimize the risk of a data breach is more important than ever. Data classification is a core tenet of any good data security plan and now customers can work with one vendor to ensure that their data and employees are well protected.
Clearswift customers looking to implement a data classification project should reach out to their account manager. They’ll work with you to understand your data classification requirements and provide you with user-driven or automated tools to fit your business needs.