How to Identify and Mitigate Data Leaks?
“Data is a new gold”
The term has become a new tagline in this digital era. Data is considered to be an important asset that can affect the company’s economy.
However, not everyone is aware of or has the mindset that data is an important asset that must be protected. This low awareness causes there are still many cases of cyber crime such as data theft, data leakage, and the use of fake data.
“How to treat data as gold is the first mindset that we have to build. If data is gold, you should keep it from being lost, “said Director of Inixindo Jogja, Andi Yuniantoro M. Kom when speaking at SGU Digital Clinic with the theme” Data Leakage Mitigation “. The event was organized by the Master of Information Technology, SGU.
For businesses and companies alike, data security is all about trust. Companies that lose the trust of consumers will need very high efforts and costs to rebuild. Therefore, a company needs to maintain customer trust by securing data.
How to Identify Data Security Risks?
As a digital transformation architect, Andi has experience as an information technology protection consultant for local governments and state-owned enterprises. According to him, an organization must be effective and efficient in choosing data protection methods. Thus, the methods used can be efficient and following organizational goals.
“Don’t catch mice with the Bazooka, we can do it by just installing a mousetrap. Do not let data leakage with little risk be handled expensively, it is not efficient, ”said Andi who is an alumnus of SGU’s Master of Information Technology.
Therefore, the first step that must be taken by a company is to understand what information technology assets are. IT assets that need to be owned are applications, data centers, networks, and data.
After the first step has been fulfilled, from there we can identify the risks posed by the asset. However, risk identification is not easy. Often companies misidentify risks, threats, and vulnerabilities so that their handling methods are not correct. Identification of these risks can be done by brainstorming/workshops, interviews, making questionnaires, observations, and assumptions.
The third step is to analyze whether the risk of data leakage is low, medium, and high. If the risk is low, it will be more efficient if the mitigation is also low. If the risk of data leakage is high, then the data protection controls are also high.
The next stage is to choose data security controls or controls. Currently, there is an Information Security Management System (ISMS) standard issued by the International Organization for Standardization, namely ISO 27001. This system will assist organizations or companies in building and maintaining an Information Security Management System (ISMS). “There are 50 ways of controlling in ISO 27001, companies can choose which one suits the risk analysis that has been done before,” he said.
How to Mitigate Data Leaks?
After identifying the risk, the company can mitigate data leakage. Three sectors need to be addressed to prevent data leakage.
The first step is made on the human resources of the company. All employees must understand and have a mindset that the company’s greatest asset is data. Thus, they have the awareness to protect and protect these assets.
Apart from that, the company’s human resources also need to be given digital skills through education and training. Digital skills are no longer hard skills, but new soft skills that all company employees must-have.
Some of the policies that can be implemented include access control policies, such as who can read data, modify, or have full control access. Apart from that, you can also apply a clear desk policy and a cryptography policy.
A company needs to have an application for backup in case of data loss. The most important point is that companies need to do encryption to prevent the person who steals the data. This means your data is still not lost, even though it is no longer within your network.
Besides, companies must also monitor data. Thus, the company knows if there is an attack on data security.
SWISS GERMAN UNIVERSITY (SGU) is an international university in Indonesia, was established in 2000 as a joint effort between Indonesia, Germany, Switzerland, and Austria. We are the pioneer in offering international curricula in Indonesia.
Qualified students can graduate with a Double Degree from Indonesia and Germany, which SGU provides in cooperation with partner universities; surely a valuable tool for your future careers. Ever since its establishment, SGU has been dedicated to delivering quality education in line with international standards and aims to develop skilled professionals who meet the demands of the industry. To achieve its objectives, SGU offers quality-oriented learning through 12 Bachelor’s Degree Programs and 4 Master’s Degree Programs ranging from Engineering, Information Technology, and Business to Life Sciences and Social Sciences. Furthermore, with small class sizes, and with English as the medium of instruction, you can look forward to pursuing your tertiary education and degree with full confidence.***