What Is Data Security? Common Threats and How to Protect Your Data

Data security is important to every business. Learn what the most common security threats are and how to protect your data.

Jacquelin Barnes

Generative artificial intelligence (AI) has everyone talking — and for good reason. It promises many benefits that can improve our lives, but it also comes with risks. According to IT experts, one of the biggest risks is data security. In fact, 79% of IT leaders believe generative AI can introduce new security risks.

We’ll help you learn how to create a security-first mindset by discovering:

  • Why data security is important to your business
  • The most common data security risks
  • The best practices to secure business data
  • The data solutions that can help your business balance security and business objectives

What is data security?

Data security is concerned with protecting the sensitive information you and your company store or share with others. Data security is important to every organization, and especially critical in regulated industries, such as financial services, healthcare, and retail. That said, data security isn’t only about security measures or tools; it’s also a state of mind.

Why data security is important to your business

No matter what industry you’re in, you probably store sensitive data that you want secured from cyberattacks — and cyberattacks are on the rise. By 2025, “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.”

On top of that, according to the World Economic Forum and Accenture’s Global Cybersecurity Outlook 2023, “Business and cyber leaders believe global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years.”

How do you balance your goals of productivity and speed with enterprise data security? Alvina Antar, CIO at Okta, said: “There’s a perception that strong security impedes productivity, experience, and empowerment, so we need to make sure that we’re designing security protocols in a way that counters that idea. I call it ‘secure by design.’ For example, if we decide we need to block USB sticks or remove admin rights for security reasons, we need to make it clear to users what alternatives we’re offering that can maintain, or even improve, productivity. If we don’t offer alternatives to legitimate, but vulnerable practices, we aren’t doing our jobs fully as security professionals.”

Businesses that operate in certain countries and regions also deal with regulatory requirements to protect customers’ data. Fail to do so and your company can face substantial fines. Data breaches can also expose trade secrets and intellectual property, cost revenue and market share, and erode your hard-won competitive advantage. Most importantly, misuse of data can negatively impact customer trust.

Speaking of competitive advantage, data security gives you precisely that, suggests ISACA. A 2022 survey found that 33% of consumers have stopped doing business with a company because it had a security breach. If your company doesn’t protect its data, customers may take their business to a competitor that does.

So why is data security important? Because regulators demand it, your customers expect it, and your brand reputation depends on it.

4 most common data security risks

Data security risks are numerous and diverse. Prepare for every potential security problem, starting with the most common.

1. Cyberattacks

Cyberattacks are deliberate attempts to steal your sensitive data. Some common types of cyberattacks are phishing, broken access control, compliance problems, Internet of Things (IoT) attacks, and ransomware.

In phishing attacks, emails, texts, or social media messages appear to come from legitimate senders but actually originate from criminals. Their goal is to trick you into clicking a link or downloading a file. This gives the bad actors access to your device or network, which they can then manipulate to their advantage.

Phishing attacks are a common way to spread ransomware, malicious software that infects devices and encrypts data so you can no longer access it. Attackers ask for a monetary ransom in exchange for the encryption key, but they don’t always keep their word. Even when companies pay the ransom, they often lose their data. Sixty-one percent of organizations that paid a ransom to an attacker got some of their data back, while only 4% got all of their data back.

2. Insider threats

Insider threats are attacks carried out by a company’s existing employees who deliberately steal, destroy, or modify sensitive data – whether it’s for personal gain or to harm the company.

3. Accidental exposure

Many data breaches are accidental. The cause may be a negligent employee who loses, shares, or mishandles sensitive data. An example of accidental exposure could be an employee not protecting their own password or company login credentials, which external attackers can exploit to access data and confidential personal or business information.

4. Cloud misconfiguration

While cloud computing offers many benefits, it’s critical to configure your cloud environment correctly so your data is secure. Common cloud security problems include:

  • Misconfigured security settings
  • No visibility to access settings and activities
  • Errors with access management and permissions

Data security solutions to protect your company

Although data security risks are serious and increasing, there’s good news: data security solutions can mitigate damage from data loss and even prevent it from happening.

Authentication

If you use online bill pay or email, you’re probably familiar with the idea of authentication: confirming your login credentials to ensure you are who you say you are. Tools like single sign-on (SSO), multi-factor authentication, and breached password testing are common, efficient ways to authenticate users.

Encryption

Encryption tools use algorithms to scramble your data by converting it into an unreadable format. You can only unscramble the data with an encryption key — the cybersecurity equivalent of a decoder ring.

Tokenization

Tokenization is somewhat like encryption, but instead of using an algorithm to scramble your data, tokenization replaces data with random characters called tokens. The real data is stored in a “token vault” on a centralized server. Tokenization is like keeping decoy money in your wallet in case of theft while storing your real bills in a safe deposit box at the bank.
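
The token vault described above, sketched as an added illustration (not code from this article or from any vendor product). `TokenVault`, `tokenize_record`, the `tok_` prefix, and the sample record are assumptions made for the example; a real vault is a hardened, access-controlled service rather than an in-memory dictionary.

```python
import secrets


class TokenVault:
    """In-memory stand-in for the centralized token vault (hypothetical class)."""

    def __init__(self):
        self._token_to_value = {}   # the only place real data lives
        self._value_to_token = {}   # lets repeated values reuse one token

    def tokenize(self, value: str) -> str:
        # Reuse the existing token so joins on the tokenized column still work.
        if value in self._value_to_token:
            return self._value_to_token[value]
        # The token is random: it is not derived from the value, so there is
        # no key or algorithm that turns it back into the original data.
        token = "tok_" + secrets.token_hex(8)
        while token in self._token_to_value:  # regenerate on a collision
            token = "tok_" + secrets.token_hex(8)
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str, caller_authorized: bool) -> str:
        # Recovering the real value is a vault lookup gated by access control.
        if not caller_authorized:
            raise PermissionError("caller may not detokenize")
        return self._token_to_value[token]


def tokenize_record(vault: TokenVault, record: dict, sensitive_fields: set) -> dict:
    """Return a copy of record that is safe to store outside the vault."""
    return {
        key: vault.tokenize(val) if key in sensitive_fields else val
        for key, val in record.items()
    }


# Constructed sample record; 4111... is a well-known test card number.
SAMPLE = {"customer": "A. Example", "card_number": "4111111111111111", "plan": "pro"}

if __name__ == "__main__":
    vault = TokenVault()
    stored = tokenize_record(vault, SAMPLE, {"card_number"})
    print(stored)  # the application database sees only the token
    print(vault.detokenize(stored["card_number"], caller_authorized=True))
```

A database holding only the tokenized record gives a thief nothing to decrypt; the exposure moves to the vault, which is where access control and monitoring need to be strongest.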

Data loss prevention

Data loss prevention is a fancy way of saying “backing up your data”. Data backup — a copy of your data in a local data center, the cloud, or a remote location — gives you peace of mind and lets you get right back to work. You can also look into data loss prevention software, which can analyze your data, enforce your data protection policies, and alert you if it notices suspicious activity.

Endpoint protection

Antivirus software protects against malware and other digital intrusions. But as cyberattacks become more sophisticated, attackers can sometimes get around it. An endpoint protection platform (EPP) is a strong and more protective alternative that combines multiple data security solutions into a single package, including antivirus software, data encryption, and data loss prevention. It can detect and stop threats at the source and is one of the most effective security investments out there.

Password hygiene

Password hygiene is basic but effective. Require your employees to use strong passwords — ones that are unique, long, and contain various types of characters. It’s still one of the best ways to protect data. It’s also smart to require and remind employees to change their passwords often.

10 best practices for data security you should know

With so many data security solutions available, it’s easy to wonder where to start, so we’ve rounded up 10 steps your company can take to protect your data now.

1. Take a detailed data inventory

You can’t protect data you don’t know you have. Your first step is to take stock of the data you have, how sensitive it is, and where it’s stored. Data discovery and classification tools can help.

2. Perform a vulnerability assessment

Perform a data security audit to find data security gaps and vulnerabilities so you can direct your time, money, and human resources where they will be the most effective.

3. Monitor data usage and activity

Enable continuous monitoring and real-time alerts; they can help you avoid data loss by detecting suspicious users and unusual file activity before it’s too late.

4. Create and enforce access management controls

An identity and access management (IAM) solution controls who in your organization can access sensitive data and when, where, and under what circumstances. Control access to information even better by enabling SSO and multi-factor authentication.

5. Keep software up-to-date

Encourage employees to update software as soon as new versions are released. This keeps their machines protected with the latest security features.

6. Perform regular backups

Run continuous and consistent data backups. These help ensure business continuity in the event of a data breach. Backups also let you assess quickly the scope of damage in case of data loss or corruption.

7. Always encrypt

Routinely encrypt your data during storage and transmission because it safeguards the data, making it useless if stolen. Encryption helps you avoid data theft that can erode your company’s ROI.

8. Educate employees

Make sure your employees understand how common phishing attempts are. Offer employees regular training so they understand the importance of sound security practices, such as password hygiene.

9. Adopt a zero-trust mindset

Zero-trust security assumes that cybersecurity threats can come from anyone, anywhere, inside or outside of a company’s network. It’s another way to protect your ROI. By adopting zero-trust security, you require that users’ identities and security postures be authenticated, authorized, and validated.

10. Remember physical security

Physical data security is simply about controlling physical access to your data, whether it’s stored on- or off-site. Digital data resides on physical machines inside data centers. Key cards, security personnel, and biometric authentication, such as fingerprint, iris, or facial recognition, can help prevent unauthorized access. Because data also lives on your employees’ laptops, make sure they know not to leave their laptops unattended in public.

Amplify data hygiene across your organization

Data security products have a direct impact on your company’s success. They help you build and test secure apps, monitor threats, and encrypt data. They can manage identity and privacy and protect customer information.

But there’s more IT and security leaders can do to amplify data hygiene. “It’s key that security and IT teams work hand-in-hand,” says Alvina Antar.

“In the past, security teams have defined standards and then IT begrudgingly implemented them. We need IT to have a strong voice and be tied at the hip to security in all phases of security strategy and implementation. Beyond that, it’s critical that each employee has a clear understanding of protocols and that there’s acknowledgment of accountability because vulnerabilities are ultimately in your employees’ hands.”