Divestitures, dissolution of partnerships, and other business split-ups are rarely fun, but they do happen and can have significant implications for your digital assets. Whatever the reason for a business split-up, it's important to prioritize digital security.
The average data breach in the U.S. costs a company $9.4 million. Your digital assets need to be protected before, during, and after the split.
What are digital assets and why are they vulnerable to cyberattacks?
Digital assets are any virtual items created and maintained or stored online. They're identifiable to your particular company or someone within your company, and they're of a certain value. Digital assets also must be searchable and discoverable, typically through metadata.
During business split-ups, you have to take inventory of all of your digital assets and who may have access to them. You also have to preemptively determine how hackers could exploit vulnerabilities to find and exfiltrate data and assets that could be of value to bad actors — or damaging to your company. You never want to think your former business partner would use sensitive information against your company, but it happens, often accidentally.
Best practices for protecting your digital assets
When separating your business, it's wise to implement identity and access management (IAM) best practices. Some of these include:
- Requiring multi-factor authentication (MFA)
- Implementing single sign-on (SSO)
- Managing authorization
- Ensuring the right identities have access only to the appropriate resources, and nothing more, through identity governance
Strategies for enhancing your security posture
You may already have a strong foundation of IAM best practices in place. Even so, there are tools that help you keep your accounts secure, particularly in the event of a business split-up.
Institute a cybersecurity policy
A shareable, company-wide cybersecurity policy should be available in times of dissolution. Set it up as soon as possible, even if there's no business split-up planned for the foreseeable future. In the event that one does happen, you'll then have something to refer to and mark off as a sort of checklist to ensure all your cybersecurity bases are covered.
A cybersecurity policy for digital assets during business split-ups should include some of the following:
- A list of all accounts managed by your organization
- A list of all third parties and their access privileges
- A guide for managing account access
- When to revoke account access upon dissolution
- Risk assessment instructions
- An acceptable use policy (AUP) that parties have to sign
- A response plan in the event of a data breach
You can find variations of these types of policies online, but tailor them to your specific situation. Have an overall cybersecurity policy and include a section on business divestiture or dissolution, or make a separate document for this entirely. The important thing is that the right people in the organization have access to this policy to refer to as needed.
Implement strong authentication
Strong authentication practices are a hallmark of cybersecurity. While many organizations continue to rely on username and password combinations for authentication, this practice is known to be risky. For five consecutive years, the leading cause of breaches has been unauthorized access, which is another way of saying the use of stolen credentials.
For environments where passwords remain in use, the first line of defense is to require strong and unique passwords for every account and to change them regularly (and immediately in the event of a business split).
Attackers often use "brute-force" techniques to guess weak passwords, either by using random password generators to try candidates rapidly or by simply guessing a password that is weak by nature, such as "password1234" or "Qwerty!". Despite stronger enterprise policies, employees commonly use such weak, guessable passwords, and use them for multiple accounts. These practices expose your organization to risk, as hackers also frequently turn to credential stuffing, which is the practice of using credentials for one account to gain access to other accounts.
A better approach to strong authentication is passwordless authentication, which can reduce the risk of a data breach following a business dissolution. By eliminating passwords and replacing their use with biometrics, like fingerprints or facial scanning, passwordless offers a far more secure way to ensure that only the right account holders can access your digital assets.
Another way to strengthen security is through risk-based authentication, which uses AI to detect unusual behavior. For example, a legitimate employee may sign in to an account using the correct credentials and a trusted device, but the location is unusual. An AI-driven tool would automatically flag such a request and require additional authentication steps during that first attempt. If the login attempt is deemed a high risk, it is automatically blocked or redirected for analysis.
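The decision flow described above, sketched as an added example that is not part of the original article: a simple rule-based score stands in for the AI-driven tool, and the signal names, weights, thresholds and sample user are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed weights and thresholds; a real risk engine would learn these.
WEIGHTS = {"new_device": 40, "unusual_country": 30, "failed_attempt": 10}
STEP_UP_AT, BLOCK_AT = 30, 60

@dataclass
class Baseline:
    """Per-user history of what 'normal' sign-ins look like (hypothetical)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    recent_failures: int = 0

def score(baseline, device_id, country):
    """Return (risk score, list of context signals that fired)."""
    signals = []
    if device_id not in baseline.devices:
        signals.append("new_device")
    if country not in baseline.countries:
        signals.append("unusual_country")
    total = sum(WEIGHTS[s] for s in signals)
    # Count at most three recent failures, so they add no more than 30.
    total += min(baseline.recent_failures, 3) * WEIGHTS["failed_attempt"]
    return total, signals

def decide(baseline, device_id, country, password_ok):
    """Map one login attempt to deny / allow / step_up / block."""
    if not password_ok:
        baseline.recent_failures += 1
        return "deny", ["bad_password"]
    total, signals = score(baseline, device_id, country)
    if total >= BLOCK_AT:
        return "block", signals      # high risk: block or send for analysis
    if total >= STEP_UP_AT:
        return "step_up", signals    # require an additional factor
    return "allow", signals

def complete_step_up(baseline, device_id, country):
    """After the extra factor succeeds, fold the context into the baseline."""
    baseline.devices.add(device_id)
    baseline.countries.add(country)
    baseline.recent_failures = 0

if __name__ == "__main__":
    alice = Baseline(devices={"laptop-01"}, countries={"US"})  # constructed sample
    print(decide(alice, "laptop-01", "US", True))   # usual context
    print(decide(alice, "laptop-01", "BR", True))   # trusted device, new location
    print(decide(alice, "phone-99", "BR", True))    # new device and new location
```

Calling `complete_step_up` after a successful extra factor is what keeps the additional step confined to the first sign-in from a new location.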
Eliminate identity silos
Identity silos occur when different systems, applications, or business units have disparate identity systems that don't talk to each other. What you need is an enterprise-wide view of all your identities and their access permissions, no matter where they are connecting or where the assets they seek are hosted.
Hybrid IAM is the way to unify and secure all your digital identities and access requests whether your data and resources are running on-premises, in public and private clouds, or all of the above.
By implementing a modern identity platform, you can manage and protect digital assets, even if you have a hybrid work model or are moving to a different business workflow process along with the divestiture.