Safeguarding Your Financial Data: Dito on Post-Tax Season Data Security

    Tax season has come and gone, and with it came the annual flurry of sensitive financial information being exchanged between individuals, businesses, and accountants. In the midst of this data deluge, it's easy to overlook the security of the data you’re sharing. But as cyberthreats continue to evolve and proliferate, safeguarding your financial data has never been more crucial.

    To shed light on the topic, we turned to Rich Foltak, Senior VP and Head of Cloud at Dito, a leading provider of cloud solutions and security services. With years of experience helping organizations navigate cloud security, Foltak is here to chat with Virtru’s Juan Salinas about protecting financial data beyond tax season.

    The main lesson is simple.

    "Everything's about data," Foltak asserts. "It's about the utility of data, managing, moving, dealing with the data, but doing it in a manner that is secure and compliant. The goal is to keep you off the front page of some newspaper in terms of a breach."

    Foltak’s Biggest Concerns on Sharing Financial Data

    Tax season is officially over for laymen - but Foltak’s concerns span beyond that time of year. These are the challenges he faces in helping organizations secure their financial data year-round.

    An unfocused, one-size-fits-all approach: Many organizations fail to prioritize their most critical and sensitive information, adopting a blanket approach to securing all data in the same way.

    "You can't protect everything, nor should you. The old adage, don't spend $1,000 to protect the $20 bill. That’s not the role of a security team… when you have something that’s priceless to an organization, you’re going to have to invest in the people, processes and technology to secure it," Foltak emphasized.

    Ultimately, it’s a struggle to properly classify data based on its sensitivity and importance. Treating all data with the same level of importance seems right in theory, but in practice it’s a recipe for massive oversight. Foltak stressed the importance of identifying critical data and prioritizing that first.

    Human error and lax security practices: The challenges according to Foltak are two-fold: The IT leg of an organization might be overextending itself to protect sensitive data, but the further away from a security-minded team you drift, the more lax the security practices tend to be. That’s when human error can cause big problems for an organization in protecting its financial data.

    "If I was thinking evil, I would be going for your lowest hanging fruit," he said.

    By “lowest hanging fruit,” Foltak means sensitive data handled so frequently that its importance becomes lost. He raised the comparison of family photos to tax documents. While family photos may be important to someone, they don’t hold the same level of sensitivity as financial or tax records - nor should they be treated as such.

    Financial organizations and IT teams exist to make that distinction clear, and to provide an easy way to protect the sensitive data that needs safeguarding.

    People, Processes, and Technology: A Comprehensive Approach to Data Security

    So, how can you ensure that financial data remains secure year-round? The key, according to Foltak, lies in a comprehensive approach that encompasses people, processes, and technology.

    People

    Training and education can have one of the biggest impacts on the security of financial data flowing through your organization. It’s clear what the risks are for not educating your employees, and Foltak explains some starter ways to get the employee education ball rolling.

    “Understand that there are certain things you could do to help your people, your process, which involves sometimes training or just having a security policy yearly assessment…” he explains. “Do you guys know about phishing? Do a trial hack in your environment, call it a tabletop exercise.”

    He also emphasizes how automation can make it easier on your employees to keep security top of mind - methods like Data Loss Prevention, Digital Rights Management controls, and more.

    "It's not just technology," Foltak emphasizes. "It's people and process. You need to have controls in place that say, 'Hey, should we be doing this?'"

    Processes

    Central to strengthening the operational excellence of a well-rounded security posture is proper data classification - a theme emphasized by both Salinas and Foltak.

    "Organizations have to look at things from an operational standpoint," Foltak explains. "What is my governance? How do I manage my data? What data do I have, and how do I focus on protecting it? Because all it takes is one breach these days, and your company could be dragged through the mud."

    By identifying which data is critical and sensitive, you can prioritize your security efforts and implement appropriate controls. "If you don't classify your data and then say, this is critical to my operations, it's highly restrictive, only a very select set of people should have access to this, you're going to get yourself into trouble," Foltak warns.

    Data classification enables organizations to apply the right level of protection to their most valuable assets. By categorizing data based on its sensitivity and criticality, companies can ensure that their security measures are aligned with the potential impact of a breach or unauthorized access.

    “What are you willing to do with that data?” explains Salinas. “What kind of access should the person I'm sharing that data with have?”

    Technology

    “Data needs to be shared in order for businesses to operate,” says Salinas. “That's just the world we live in. How do we make sure we are empowering people to handle that need to handle and share sensitive data, give them the right processes, right, and tools, to make sure we are being as diligent as possible?”

    The answer: with the right tools that protect the data itself, no matter when, where, or with whom. Tools that meet you where you work, and allow your admins to have insight into where your data is at all times. We and Dito call that data-centric security.

    By adopting a data-centric approach and applying controls to the data itself, organizations can significantly reduce the risk of breaches and unauthorized access. Foltak stresses the importance of keeping data in the cloud, where it can be monitored and controlled more effectively.

    "We put a lot of emphasis on protecting your data and not allowing it to get to your laptop," Foltak explains. "Why? Because we can monitor it. We can watch who has access to it. … What we find is if people know controls are in place and that they're being monitored at least loosely, that they're less tempted to behave badly."

    Continuous Improvement and Adaptation

    No security strategy is complete without continuous improvement and adaptation. As Foltak points out, every organization has unique needs and objectives, and what works for one may not work for another. By consistently updating cybersecurity frameworks, conducting regular assessments, and partnering with experts, organizations can stay ahead of the curve and mitigate risks effectively.

    "Don't reinvent the wheel," Foltak advises. "Understand that there are good practices out there. Understand that there are certain things you can do to help your people, your process, which involves sometimes training, having a security policy, yearly assessments."

    Safeguarding Data Is a Shared Responsibility

    Take it from Dito - safeguarding your financial data is a shared responsibility. By prioritizing security, staying informed, and working with trusted partners, you can protect your sensitive information and maintain the trust of your clients and stakeholders.

    Don't let your financial data become another statistic. Take action today to safeguard your information and secure your future. With the right mindset, tools, and partnerships, you can keep a firm hold on your data with confidence and peace of mind.

    About Dito:

    Having spent the last 15+ years supporting organizations from start-ups to the Fortune 100 as they adopt Google Cloud enterprise solutions, Dito has emerged as a leading cloud strategy, consulting, and services firm. Dito routinely helps solve complex cloud and security challenges for some of the largest organizations in the world while supporting thousands of customers in maximizing their use of Google Cloud solutions.

    As a Google Cloud Premier Partner, Dito provides consultative sales, support, change management, and professional cloud services to organizations interested in leveraging Google Cloud’s infrastructure, AI/ML, location services, and productivity suite to transform and scale their business.

    Editorial Team

    The editorial team consists of Virtru brand experts, content editors, and vetted field authorities. We ensure quality, accuracy, and integrity through robust editorial oversight, review, and optimization of content from trusted sources, including use of generative AI tools.
