Data Protection

Download our FREE whitepaper on data loss prevention best practices. Download Now

In recent years, data protection has become a must for all companies, no matter their size. While big organizations suffering data breaches such as Facebook, Orbitz or Quora are the ones making headlines, a more troubling reality awaits small and mid-sized companies: 60% of them go out of business within six months of a cyberattack, according to the National Cyber Security Alliance.

Additionally, the rise of data protection regulations around the world has added an extra layer of urgency to the need for all companies to implement concrete data protection measures. Big companies, are, in many cases, way ahead of the game, having already built their cybersecurity policies and tested them over the course of the last few years. Let’s have a look at the most successful ways to protect data in an organization and ensure corporate data security.

1. Knowing where data is and where it’s going

One of the most crucial steps towards efficient data protection is knowing exactly what data is being stored and where. By accurately identifying their data flow and its vulnerable points, companies can make informed decisions concerning the measures they need to take to protect it.

Large organizations use data discovery tools to scan company networks for sensitive data and, when finding it on computers not authorized to access it, they frequently have the option of deleting or encrypting it. In the age of data protection regulations, transparency is key both for compliance and for building effective data protection policies.

2. The use of encryption across the board

From encrypted hard drives, USBs, and phones to data encrypted prior to its transfer to the cloud or onto portable devices, encryption has become an essential step to protect company data and secure sensitive information.

Encryption tackles two common data protection vulnerabilities in today’s global economy: a workforce always on the move and the rise of remote work. With devices frequently leaving the safety of company networks, encryption ensures that, in case of theft or loss, the sensitive data they contain is inaccessible to outsiders.

3. Protecting data in the cloud

The cloud has become an integral part of digitalization efforts, but as data migrates to the cloud, the issue of its security has sparked heated debates among CIOs and in information security circles. While many argue that the security measures applied by cloud service providers to their servers far exceed any a modest or even large company is likely to apply to its on-site servers, the feeling that their most sensitive data’s security is out of their hands makes many organizations nervous.

The most common policies applied by big companies involve the use of tools specialized in data protection in the cloud or a limitation of the types of data that are stored in the cloud. Another strategy involves encrypting sensitive data before it is transferred to the cloud.

4. Educating employees at all levels

The human factor is often the biggest vulnerability in the chain of data protection. Whether through ignorance or negligence, employees account for 54% of data breaches according to a survey conducted by the Ponemon Institute. Large corporations ensure employees are kept informed of compliance regulations and internal cybersecurity policies, providing them with both training and clear guidelines for those coming into contact with the most sensitive types of data.

C-level executives are frequently targeted by malicious outsiders due to their high-level access to data. Big companies take special care that higher management do not circumvent the rules as it is essential that the same level of data security is maintained across the board, not only horizontally, but vertically as well.

Software such as Data Loss Prevention solutions can act as an effective method of enforcement, by setting clear policies that protect and restrict access to sensitive data. Levels of access to data can be controlled based on groups and specific users or endpoints.

5. Creating BYOD policies

As companies embrace Bring-your-own-device (BYOD) policies that increase productivity and reduce costs, they often ignore their security implications. Accessing sensitive information on personal devices means that data is traveling outside the confines of the company network, effectively rendering any security measures taken to protect it moot.

Big organizations restrict the sort of data that can be transferred outside company devices. At the same time, policies marking the level of trust of a device can be applied. In this way, employees are given the option of aligning the security of their personal devices to policies used within the company and, if they choose not to apply them, it guarantees that no sensitive data is allowed to be transferred on them.

As we move forward into the age of data protection by design and by default, smaller and mid-sized companies must follow in the footsteps of larger companies and adopt security methods to protect data from both inside and outside threats or risk losing not only their customers’ trust but their entire businesses.

Frequently Asked Questions

What are some steps to build a solid foundation for data protection?
There are a few basic steps organizations can take to build a solid foundation for data protection: define your sensitive data, establish data protection policies, employee training, use specialized software to protect your data.

Read more on how to protect your sensitive data.

What is and how to protect data in motion?
Data in motion, also referred to as data in transit, is digital information that is transferred between locations either within or between computer systems. It can be data sent from desktop to cloud, portable devices or other exit points. Once the data arrives at its final destination, it becomes data at rest. In order to avoid data breaches, you need to: identify critical assets and vulnerabilities, define security framework for data, and implement technologies and processes.

Read more on how to protect data in motion.

What is and how to protect data at rest?
Data at rest is static data stored on hard drives that is archived or not often accessed or modified. Usually, conventional antivirus software and firewalls are used to protect data at rest. However, these do not guarantee safety from phishing attacks for example that can target specific individuals, corrupt one workstation and then proceed to attack the rest of the network. Solutions such as Endpoint Protector, through its eDiscovery module, can scan data at rest stored on employees’ endpoints for sensitive data based on predefined or custom content, file name or particular compliance profiles. Based on the results, it can then encrypt or delete the data to protect from potential breaches.

Read more on how to protect data in motion.

Why adopt a DLP solution?
Data Loss Prevention (DLP) solutions help companies to safeguard valuable business information such as customer data or intellectual property, as well as minimize the risk of a data breach which can lead to economic losses, reputational risk, or legal problems. Organizations adopting a DLP tool can ensure protection against both malicious and negligent insider threats, as well as meet the compliance requirements of data protection regulations such as the GDPR, PCI DSS, HIPAA, or CCPA.

Read more on top reasons to deploy and endpoint DLP.


Download our free ebook on
Data Loss Prevention Best Practices

Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.

Oldest Most Voted
Inline Feedbacks
View all comments
Henry Killingsworth
5 months ago

You made an interesting point when you talked about how it is important for companies to know exactly where data is being stored. I would imagine that it would be important for every company to work with an IT service because these services can help explain what kind of protection they offer. An IT service can help business owners understand the where and how of data protection.

megan alder
1 year ago

I found it very interesting to know how big, and even small companies protect their data using encryption in phones, USBs, and hard drives, as well as protecting all their data in the cloud. My husband and I have been thinking about starting a business, and I do believe that using a software that encrypts data is necessary. I will start looking for options to ensure we have a secure data management once we start it.

1 year ago

Very helpful article, thanks. Data security is a very important indicator for me. I myself use special tools for data security. However, I was very interested in reading how corporations do it.

1 year ago

nice post

2 years ago

Data protection strategy across organizations and shift the focus from securing the network to securing the data. Thanks for sharing some great ways to secure data!

Join a great community of

Data Protection Professionals

Get expert tips, industry trends, and the latest updates about our products and solutions. Subscribe below:
Please use a valid email address!
Almost finished... We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.