Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

How Does Data Literacy Enhance Data Security?

With the rise in cloud-based security concerns and other issues, organizations must improve data literacy across the enterprise.

4 Min Read
Photo of two women doing work on a big monitor in an office
Source: megaflopp via Adobe Stock

Question: How does data literacy enhance data security in the enterprise, and why is it important to enterprise security?

Sam Rehman, SVP and CISO, and Taryn Hess, Ph.D., Principal, Business Consulting, EPAM Systems: The shift to cloud computing is perhaps the most significant tech trend of recent years, with the public cloud computing market expected to be worth more than $800 billion by 2025. From decreasing IT costs to increasing opportunities for innovation, the cloud holds many benefits for companies across every industry. However, many employees are unprepared to securely set up cloud applications or unaware of how poor configuration could affect data security. One of the main reasons why organizations struggle to secure their cloud environments is a companywide lack of data literacy.

In today's marketplace, a data-literate workforce — one that uses data as a company asset in decision-making, evaluates and questions data, knows how to find data, and confidently interacts with data to derive insights and tell a story about it — is critical to business success. In a 2022 survey by the Data Literacy Project, only 11% of respondents were fully confident in their data literacy skills. It is of the utmost importance that businesses engage in efforts to enhance data literacy, which will improve data security.

Data Handling and Classification

Fundamentally, data leaks are a result of insufficient data literacy. These incidents stem from someone not fully understanding the value of a particular data set and mishandling it by either sharing it with people who shouldn't have access or leaving it unprotected and exposed to hackers.

The consequences of not understanding and mishandling data can be costly, causing damage to brand reputation, and, should proprietary information be stolen, a company could lose market share to a competitor. Moreover, if an employee's potentially identifiable information (PII), such as their health records or religion, is leaked in a data breach, that person could be in danger.

From a data literacy perspective, everyone within a company should consider themselves a data security ambassador. Indeed, a sufficient understanding of the data an employee uses regularly will empower them to secure it properly. Of course, there are layers to data literacy within a business, as some roles require greater literacy than others — i.e., data scientists and architects compared with legal or HR personnel.

One of the main ways people can increase their data literacy is by learning data labels. In particular, people must be aware of a data set's classification and have adequate knowledge to handle that information accordingly.

Today, commercial businesses leverage data classifications similar to those the government uses, including public, internal, confidential, and restricted levels. Public data is nonsensitive information available to anyone via the company website. Internal data, such as the employee handbook, is reserved for those within the organization. Confidential data, like pricing or marketing materials, must remain limited to select teams. And restricted data, such as trade secrets or PII, is highly sensitive and could be disastrous should it be disclosed.

Data Maturity Assessment and Culture Transformation

Improving data literacy is a multifaceted process. To establish a baseline, brands can conduct a data maturity assessment or map data security competencies (knowledge, skills, and abilities) across every role in a company. Organizations can determine their data maturity by checking what isn't working, be it a lack of communication or misunderstanding from not speaking the same language, such as the same term meaning different things for different departments.

From there, businesses can build growth plans and create opportunities for everyone in the organization to upskill on data security based on their roles. Likewise, a data maturity assessment will reveal whether an organization needs to look outside of itself for talent.

Though the previous methods are critical to improving data literacy, almost 92% of executives rate culture as the greatest barrier, making it the top priority in this area. Shifting a culture to one that embraces data literacy can be tricky; however, by involving the right leaders and stakeholders, companies can ensure alignment across the enterprise.

Once leadership has bought in, organizations can engage everyone with data security through various means, including newsletters, project meetings, town halls, online learning, workshops, etc. Likewise, it's critical to drive awareness of potential threats, like phishing attacks, data loss, or cloud misconfiguration.

Data Literary Undergirds All Security Efforts

Although various strategies, such as deploying policy and encryption to protect cloud environments, are necessary to minimize the impacts of data breaches, companywide data literacy undergirds the effectiveness of such methods and must remain a priority. Indeed, data handling and proper attention to the different classifications will empower people to use data safely, driving innovation and business success.

About the Authors

Sam Rehman

SVP and Chief Information Security Officer, EPAM Systems

Sam Rehman is Chief Information Security Officer (CISO) and Head of Cybersecurity at EPAM Systems, where he is responsible for many aspects of information security. Mr. Rehman has more than 30 years of experience in software product engineering and security. Prior to becoming EPAM's CISO, Mr. Rehman held a number of leadership roles in the industry, including Cognizant's Head of Digital Engineering Business, CTO of Arxan, and several engineering executive roles at Oracle's Server Technology Group. His first tenure at EPAM was as Chief Technology Officer and Co-Head of Global Delivery.

Mr. Rehman is a serial entrepreneur, technology expert, and evangelist with patented inventions in software security, cloud computing, storage systems, and distributed computing. He has served as a strategic advisor to multiple security and cloud companies and is a regular contributor for a number of security industry publications.

Dr. Taryn Hess

Principal, Business Consulting for Client Learning and Talent Enablement, EPAM Continuum

Dr. Taryn Hess is a leader in the Client Learning and Talent Enablement practice at EPAM and an expert in learning and change management, helping clients align employees' knowledge, behaviors and mindset to business strategy. Dr. Hess consults directly with client leaders to evaluate and align capabilities, processes, and tools to achieve business objectives. Her multidimensional skillset — which spans learning, psychology, business, and organizational change management — allows her to find creative and impactful solutions to people-related challenges plaguing organizations. Her work supports a wide range of topics and industries, including customer service, aviation, public health, public administration, automotive, and international finance. She is a sought-after speaker on transformation evangelization, continuous learning culture, and digital and data literacy.

Dr. Hess received both a Bachelor of Science and Master of Science from Florida State University and a Doctor of Philosophy from the University of Central Florida.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights