Protect Your SMB With These 8 Data Governance Best Practices

Why Data Governance Matters

In the past, data governance was viewed as a mundane administrative task by many organizations. As data breaches increase, cybersecurity regulations expand, and data privacy laws proliferate, companies no longer have the luxury to opt out of data governance initiatives. Here’s why:

• Increased data: According to published reports, total global data storage volume is expected to surpass 200 zettabytes by the end of 2025. That figure compares to just 97 zettabytes at the end of 2022, according to a separate report by Statista.

• Costly data breaches: Research from Ponemon Institute shows that the average cost of a data breach has risen to $4.4 million.

• More hybrid IT users: Today’s work-from-anywhere  culture has increased IT risk, since administrators frequently can’t restore users’ devices quickly in the event of critical data loss.

• Emerging mandates: Global data privacy regulations like the California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR) continue to expand rapidly, resulting in companies becoming laser-focused on data breach prevention.

How to Protect Your Data

With the increased importance of data protection to organizations of all sizes, here are eight best practices you can institute now to maximize your company’s data protection.

Reduce Content Sprawl

A simple—and relatively inexpensive—way to improve data governance is to reduce content sprawl. To start, reduce the amount of redundant, obsolete, and trivial (ROT) data that your organization manages. This dramatically improves user productivity, because users will spend less time searching for the files they need. 

To put the magnitude of content sprawl into perspective, recent responses to a Reddit DevOps inquiry show that organizations manage from 15 to 24,000 (yes, 24,000) different data repositories. Separately, a Splunk report found that up to 55% of stored data can be considered redundant, obsolete, trivial or dark (“dark data” refers to stale or unused data). So, for every 20 files that an organization stores in its various repositories, only nine of those files can be considered current.

By reducing content sprawl, you not only improve the user experience, you also dramatically reduce the organization's potential cyber-attack surface. 

Restrict Users’ Access to Information

With so many employees changing positions with current workforce re-alignment, it has become even more important to restrict users’ access to data. As a general rule, limit access to only the files the user needs to do their job. For example, employees in your marketing department should have access to their individual payroll information, but those employees shouldn’t have access to payroll information for the company as a whole. 

That example might sound far-fetched, until we consider that in most data repositories, individual users can give colleagues and business partners access to sensitive folders and files. As someone with a very common name, I’ve frequently been added to repositories that I shouldn’t have been added to, simply because there was another user at the organization with the same name. 

For your reference, here’s a real-world example of “need to know” access control guidelines, from the University of California, Berkeley.

Comprehensively Inventory Your Data Repositories

As the adage goes, you can’t protect data that you can’t see. To improve visibility, conduct a comprehensive review and inventory of your current data repository infrastructure. This will help identify potential shadow IT implementations.

In this case, you’ll need to combine traditional technological approaches like IT audits and network scanning with in-person outreach. Rather than advocating a “my way or the highway” approach, you’ll need to engage with stakeholders in business units to identify what data repositories they’re using, and how the repositories can be secured more effectively. Outreach will also give you important insight into the shortcomings of company-sanctioned data repositories, so you can make them more effective.

Restrict File Sharing in Content Collaboration Services

Content collaboration services like Microsoft Teams and Slack have revolutionized the way we share content with colleagues and business partners. But, such solutions can lead to content sprawl and unsafe content-sharing practices if they aren’t managed effectively.

Educate users about the need to share links to files instead of file attachments when collaborating. And when you offboard a particular user, remove their access to any content collaboration solutions immediately—such solutions pose significant IT risk and provide an attractive target to potential cyber-attackers. 

To put that advice into perspective, a recent study by Microsoft found that up to 10% of Active Directory users can be considered inactive, based on end users’ login timestamps. For a company with 200 end users, that means up to 20 of your Active Directory accounts could be accessed by cyber-attackers or former employees!

By restricting file sharing in these services, you’ll reduce your file storage clutter and improve your security posture.

Incorporate Data Backup into Your Incident Response Plan

Data backup procedures need to be memorialized in your company’s incident response plan. Although that recommendation might sound like common knowledge, a study by Veeam found that an unbelievable 58% of data backups fail, leaving those companies’ data unprotected. 

To prevent such situations, your data backup, encryption, and business continuity/disaster recovery (BCDR) procedures need to be formally captured in writing and routinely stress-tested with table-top exercises. This helps confirm that data backup processes will function properly in the event of a real emergency.

Implement Multi-Factor Authentication

If your IT security budget is limited, a good place to start is with implementation of multi-factor authentication (MFA). With MFA, users authenticate their access to your systems by supplying two or more pieces of evidence—also known as factors. Microsoft research reveals that users who enable MFA on their accounts can block up to 99.99% of automated cyber-attack attempts.

Prevent Intrusions Before Attackers Reach Your Data

Another effective way to protect your data is to prevent potential intrusions before they reach your data infrastructure. A comprehensive defense-in-depth strategy combines anti-virus solutions, intrusion detection systems (IDS), and data encryption with existing data protection processes and MFA. Implemented collectively, this will reduce the probability of cyber-attacks.

Explore Ransomware Detection and Recovery

Reported global ransomware payouts surpassed $813 million in 2024. To prevent potential ransomware attacks that can encrypt your mission-critical files and stifle organizational productivity, consider a content management platform that detects potential ransomware and flags unusual behavior like high-volume encryption. Many solutions permit you to “roll back” to earlier versions of critical files in the event of a ransomware attack, which is commonly referred to as snapshot recovery. Watch snapshot recovery in action in this quick video. 

Learn More 

To learn firsthand how you can put governance best practices into action, watch this beneficial webinar replay.