Mask And Masking Is The New Normal
Wearing mask in personal life protects you from hazardous gas, particle matter and viral infections. You have to wear it in a right way, every time there is an chance of risk. Masking is also important in business. It has been used during for some time like printing last 4 digits of payment card or SSN on reports, letters and other material being distributed physically. Now there is a need to take it further. It is even more important considering recent cyber-attacks and data breaches. Masking the sensitive data in business protects it from cyber risks (internal, external threats) and keeps you away from related liabilities.
There are few things you need to do for it on a schedule, make it a part of your quarterly calendar.
- Routinely assess data your company collects, produces and shares which ones are to be taken care for PII, PCI, HIPPA, GDPR, and other compliance needs.
- Assess Business IP, and workflow, access.
- Assess its access – who has access to it, if people are still on the project, need to know complete data or can do with masked data.
- Review Data access history/audit log to see if data is being accessed is in sync with tasks performed.
- Make sure you your unmasked data and sensitive documents are stored in secure data, document vaults protected by strong password, smart MFA.
- Make sure you store data in database repositories with encryption, masking tools and do use those tools to minimize the exposure.
- Make it a part of Reporting QA to make sure it masks the sensitive data fields, as reports can be print or shared.
There is one slogan from National Cyber Security Alliance that we are champion of. I personally like it. It goes like, “If you own it, Secure it”.
Discard, Mask, Redact, any PII, Payment, healthcare or other personal attributes that you are not going to need to serve your customers. Its tough to let it go but it goes a long way to ensure safety of data.
Data analysts most of the times don’t need to see real data values even in production. So make use of modern real time data masking techniques that allow you to choose and mask only what is appropriate for the job role. You may even consider using data scrambling tools, if they need to see complete data field before you give copy of production to data analysts.
Now a days Analytics and Data Science is a way to go to run business with meaningful insights. But you have to take some precautions. Redundant copies of data lying around unprotected, if get stolen, breached you will be facing huge business risk and liabilities in millions. Revisit your data warehousing, analytics processes and make sure all dev, staging, prod data is accounted for and access is given on need basis.
Get the experts assess your compliance needs and help you weave protective layer of able cyber defense and IT policies around it. Again remember “IF YOU OWN IT, SECURE IT”.