I’ve been on a Dave Ramsey kick lately.  I like his message and his concept of declaring war on debt.  One of his mantras can save people TONS of cash if they would just use basic things they learned in school.

“Do the math!”

Everyone out there has a brother-in-law, church buddy, or friend of a friend who is “a finance guy.”  We tend to listen to people we consider experts without questioning their motives, simply because we don’t believe we can comprehend the complexity of the question enough to figure the answer out ourselves.

For example, several years ago I went to a car dealership to buy my wife a new car.  I had just recently graduated with my MBA, brought my Texas Instruments BAII Plus, and got ready to talk numbers.  I left my wife at home and headed out with strict instructions on make, model, and of course COLOR.  Negotiators at car dealerships want you to focus on the monthly payment instead of what you are paying for the vehicle (at least in my experience).  When I got the first offer back, I did the math and learned that while most auto loans at the time were going for 6%, this dealer wanted to put me into a 9.5% loan.  I ran the numbers MANY times thinking that my MBA failed me.

It didn’t.


Because I did the math, not only did I save money on the monthly, but I also cut the money I paid in interest over the life of the loan almost in half!

You know what?  I dreaded doing the math, but once I did it, I found it was easy to do, and kicked myself for not doing it more often.  By starting with the basic math going into a financial instrument like a car loan, I was able to make smart decisions about the purchase to save money and ensure that it did not have an adverse effect on my financial situation.

If Dave Ramsey were a security pundit, I think he would modify the phrase to say “Find the Data!”  In fact, let’s call that Baby Step #1.  FIND THE DATA.

Information security is designed to protect information (or data).  So how exactly can we protect it if we don’t know where it is?

(Please pause for a moment to let the enormity of the question sink in….)

How many of you out there work for companies with extensive data maps?  My guess is probably no one does. There may be a few of you out there that do, but most companies just make assumptions about which systems need to be secure and pay no attention to the data stored on said systems.  Here’s why that is important.

Groups have tried to attach a cost per record should that record be stolen and become part of a data breach.  The data backing up these numbers is so wildly varying that making any decisions based on the results is foolish.  Still, it is a nice benchmark that can at least legitimize the cost associated with a data breach. And, more importantly, it quickly points out that if you don’t store the data, you don’t need to secure the data!!

So if you really go “Find the Data,” you will exit that tremendously difficult project with a good idea of how bad the situation is.  I promise you, it is worse than you think.  You will find data that will shock you into rapidly doing SOMETHING about the mess.  That is a vital tipping point to the whole process.  Now that you know what data you store, and where you store it, you can begin to securely destroy data you do not need, and evaluate options for the data you do.

For the data that you DO need (and really, ask the hard questions), you should fight to the death to protect it.  Centralized data is easier to protect than distributed data, but there are options to protect both.

Going about finding data in your enterprise looks like a daunting, near-impossible task.  I would probably agree!  But spending the time to REALLY find it out will pay off in spades when you let someone else get breached.

