[BreachExchange] 10 Data Security Management Tips to Prevent a Data Breach

Audrey McNeil audrey at riskbasedsecurity.com
Thu Dec 14 19:04:24 EST 2017


https://www.jdsupra.com/legalnews/10-data-security-management-tips-to-19615/

You may never suffer a data breach, but that doesn’t mean you shouldn’t
know how to prevent one.

With the number and severity of data breaches rising every year, it is
clear that all of us, from the biggest to the smallest company, could brush
up on our data security management.

You may never suffer a data breach, but that doesn’t mean you shouldn’t
know how to prevent one or be prepared for one.

With data protection laws & regulations constantly changing and the
penalties becoming more costly, it’s time to start making data security a
priority.

In this short post, we are going to cover ‘10 Data Security Management Tips
to Prevent a Data Breach’ so you can keep your business running smoothly
and securely.

Let’s get to it!

What is a data breach?

A data breach occurs when sensitive, protected, or confidential data has
been viewed, stolen or used by an unauthorized individual.

Data breaches may involve personal information or even trade
secrets/intellectual property.

10 Data Security Management Tips to Prevent a Data Breach.

1. Bring your employees in on your strategy.

In our previous post, we revealed that employees are most likely to
discover data security breaches, as well as actually cause them.

It is imperative that you bring your employees on board with your strategy,
not only to improve security but also to recruit extra eyes to be on the
lookout for potential breaches.

2. Update your BYOD policy.

It has become ‘cool’ and the norm to bring your own devices to work. In
many cases, businesses can benefit from this as they don’t have to supply
as much tech for employees.

However, by welcoming these other devices into the workplace you are also
opening the door for data security breaches through new end-point devices.

By updating your BYOD (bring your own device) policy you can ensure that
all devices brought in are following the same data security procedures as
your in-house tech.

Also be aware of any work-related information being shared on personal
email accounts – we all have learned recently of how this can lead to the
leaking of sensitive information…

3. Social engineering training.

Even the most tech-savvy members of your team may fall for social
engineering attacks.

As users have gotten smarter and more aware of online scams, hackers have
had to up their game:

- New phishing methods often take the form of legitimate-looking requests
sent under the name of someone in an organization who the users trust.
- Young workers especially can fall into the trap of unintentionally
leaking sensitive data through social media accounts. Sharing details of
professional lives should be something that is addressed in the workplace
as it is a way data can be mined by hackers.

4. Be constantly expanding your knowledge.

Laws & regulations about data storage are constantly changing as are the
ways in which hackers attempt to retrieve it.

By constantly expanding your knowledge you can stay one step ahead of the
game to ensure that data is kept legally and safely.

This is also useful so that you won’t be keeping unnecessary data.

5. Nail the basics.

You would be surprised how many data breaches could be prevented by staying
on top of the obvious and basic principles of data security management.

Don’t forget to apply the following rules to your entire organization.

- Don’t open email attachments from unknown senders.
- Don’t use external USB drives.
- Implement firewalls and antivirus software on every endpoint device.
- Keep your software up to date to avoid zero-day vulnerabilities.
- Third parties are often the weakest link in data security: have strong
data security policies in place.

6. Have a well thought through, quickly executable emergency plan.

You may think a data breach will never happen to you or your organization,
that you have the tightest data security on the planet, but the reality is
that if you do not have an emergency plan, you leave yourself vulnerable.

One of the ways you can do this is to have a data breach attorney on
standby who you know you can contact if things go wrong.

7. Know your network inside out.

Where is the data stored? How is it protected? What are your encryption
processes?

Networks can get complicated fast, but if you don’t understand the ins and
the outs of yours then chances are you won’t know how to properly protect
it.

Sitting down and mapping out your current infrastructure will help you get
a grasp of what needs to be done to ensure maximum security of data being
stored.

8. Use an adblocker.

One of our quick and simple data security management tips is installing an
Ad Blocker on every device in your network.

Ad blockers are extremely powerful tools with a wide range of benefits:

- Prevent unwanted websites/pop-ups from opening on a browser.
- Eliminate distractions for employees.
- Can actually improve page load times and decrease data usage.

Aside from a more productive workforce, you can also prevent employees
from opening fraudulent pop-ups that could lead to a breach in data
security.

9. Network with other data security managers.

When having a business lunch or attending a networking event, very rarely
does data security management come up (unless a scandal or tragedy is
involved).

By discussing data security with other teams and managers you may
actually learn a lot of practices and tips that you can implement in your
own business.

Every network has different needs and faces unique challenges; by learning
about other infrastructures you may just come up with new ideas to
strengthen your own.

10. Hire a professional.

For many small-medium businesses, a Data Security Manager is not the first
new job position they think to recruit once the money is available.

However, the penalties and high costs of a data breach could be
significantly higher than the salary of a professional brought on board
your team.

It is better to implement preventative efforts rather than regretting not
doing so later.

It can’t be emphasized enough that businesses need to follow best
practices and be aware of data breach notification laws. Data breaches can
be costly in terms of lost business from loss of consumer confidence,
required notifications, and direct costs such as litigation and the cost
of responding to government investigators.

Going forward.

Data security can be a daunting process and it’s not uncommon to feel like
you are not doing enough.