[BreachExchange] Addressing Data Security and Privacy Challenges

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 30 18:56:12 EDT 2017


https://cloudtweaks.com/2017/03/addressing-data-security-privacy-challenges/

DATA SECURITY AND PRIVACY

Data privacy and security is a challenge for all businesses in today’s
tech-driven world, and business leaders find themselves continuously
addressing new threats and updated regulations. Though established
organizations can often enlist the help of external service providers, or
rely on well-established internal IT teams, startups and small businesses
don’t always have the resources, both cash and human, to do this. There
are, however, cost-effective ways to manage data and protect against
breaches.

Visibility

It’s necessary for IT to have a view of what everyone in the company is
doing with data, how they’re using it, what tools are in place for storage
and sharing, and what access limitations and authentication procedures are
in place. This can be tricky when considering the cross-over between
personal and business devices, and growing workforce mobility can further
obscure the tracking of data. A very simple, but serious, issue is the
synchronization of data across devices; unknowingly, employees may be
introducing the risk of data breach. The first step to managing visibility
of data is implementing data security policies and sharing guidelines. It’s
as important for employees to understand what they can and can’t do with
data as it is for those securing data to know where it’s stored, how it’s
encrypted, and who should have access.

Traditional Antivirus Isn’t Enough

Though antivirus and anti-spam tools shouldn’t be discounted, they don’t
offer enough protection for business data security, particularly
considering the continued move to cloud and mobile working solutions.
Experts recommend protecting information from the inside out rather than
relying on external defenses, and this requires monitoring of where data is
kept, how it’s used, and how it’s shared, in order to prevent data
breaches. Once attackers break through security systems, they’re often
allowed plenty of time to wreak havoc because their entry isn’t recognized
until they deliberately make it known. Real-time monitoring of data ensures
breaches are identified immediately, allowing for swift defensive action.

Education

Staff training has its benefits for every business, but for startups that
potentially have employees scattered across locations it’s imperative that
sensible cyber practices are in place. Many of these would be considered
fairly basic concepts, but it only takes one slip-up to bring down an
entire organization. Teaching staff about strong password practices, only
to use trusted Wi-Fi networks, and never to leave devices out of their
control, can help mitigate risks and protect sensitive data.

Further training on types of cyber attacks that exist is also of benefit,
as awareness helps employees utilize technology more carefully. Providing,
for instance, an understanding of ransomware and how it threatens an
organization can entrench rules such as not opening suspicious attachments,
ensuring links are valid before clicking on them, backing up data
regularly, and never plugging in unfamiliar USB drives. Breeding a culture
of constant vigilance is one of the easiest and most cost-effective methods
of securing data.

Recognize Value

Though many small businesses consider themselves too insignificant for
cybercriminal awareness, experts acknowledge that, in fact, they can be key
targets because they’re identified as often lacking the necessary security
implementations. Though security resources may be lacking, a quick fix is
to define critical business assets and ensure these are adequately
protected first. Every business has something that makes it unique and
valuable, and it is precisely this which makes them a target. If necessary,
considering outsourcing the security of critical assets.

>From strong encryption of sensitive information to continuous monitoring
for suspicious or potentially harmful actions, the many methods of
protecting data needn’t be costly but will require thorough investigation.
There are also many cloud solutions available with their own protection in
place, and though they come at a cost they are typically flexible and
scalable, thus suiting startups and small businesses from foundation,
through growth, and to maturity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170330/55f12e1a/attachment.html>


More information about the BreachExchange mailing list