[BreachExchange] 4 Steps You Can Take Right Away To Safeguard Your Company’s Data

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 26 19:12:43 EDT 2017


http://www.bitrebels.com/technology/four-steps-safeguard-companys-data/

When it comes to protecting their data, enterprises should not think twice
in terms of the measures that need to be taken or the budget that needs to
be allocated. Regardless of the size of your business, it is imperative to
fiercely protect sensitive data such as your customer’s’ private
information or your company’s financial records.

Ever since companies started networking with their international peers, the
data that was once cozily sitting within the warm enclosure of its own
enterprise is now severely exposed to hackers, and ultimately to loss,
 insider threat and even ransomware. Since a company’s stakes are not
comparable to those of an at-home user, neither should be the means to
combat these cyber threats – a firewall and a stronger password simply
won’t cut the mustard. Let us look at four of the best-in-class measures
that companies can opt for to protect their data.

1. Invest In Data Encryption

This is one of those terms that get swung around everywhere in your
environment but is not ever clarified to its full extent. Data encryption
is basically one of the best methods around that can be used to build armor
around your data and prevent seriously damaging events. In order for it to
reap maximum benefits, it needs to be applied to all your devices and to be
used together with other data protection measures.

For example, you can protect moveable parts such as USBs and external hard
drives, in order to keep them safe from potential thieves or unwanted third
parties. Whenever you have a business outing, it is also advisable to not
leave your sensitive data on the hands of a public WI-FI, but rather
connect to a third-party VPN that encrypts the information. To this extent,
your own internet service providers may be targeted so it’s best to prevent
any unpleasant scenarios.

When it comes to your drive, know that it can do with more than a simple
password, especially if it is physically stolen – this is why it’s crucial
to go with data encryption for it as well. Although this option is on the
pricier range, you need to consider that the possible losses far outweigh
the premiums for data encryption.

2. Do Not Underestimate Patches

We all know how annoying it can be when you’re knee-deep in work on your PC
or laptop and a window pops up prompting you to upgrade your system. In
most cases, you will blink it away and postpone it endlessly as if it’s a
pointless nuisance. On the contrary, upgrades and patches were created
especially with the intent of addressing past vulnerabilities that hackers
already spotted and prayed on. Fortunately, operating systems periodically
offer their users patches that don’t require much time or skill to be
applied.

3. Perform Periodical Penetration Testing

Otherwise known as pen-testing, penetration testing is a safe way to test
your IT infrastructure and see where the cracks lie. Pen-testing will
basically identify any issues, ranging from those related to the operating
systems and configurations to non-compliant end-user behavior. By having
access to the reports made in conclusion to this testing, you will then be
able to take appropriate decisions for your company’s future as to avoid
potential costly downtimes and extravagant fines. The more often you
perform this penetration testing, the more hassle-free it will be for your
business will be down the line.

4. Don’t Shy Away From Network Monitoring

They say that you can’t fix what you can’t measure. This is a saying that
beautifully applies to cybersecurity as well and supporting this is the
good, old-fashioned network monitoring option as another great way to
protect your data. With a network monitoring tool that is right for you in
terms of budget, you can easily keep track of any failing a server, router
or network may have. These tools set in place thresholds that when reached
launch fault management processes that will deal with the specific issue.
Among others, you will also be provided with information regarding the
down- and uptime, response time to users and error rates.

When thinking long-term for your company, having a solid data protection
system in place should rank above anything else you have in plan. Consider
all the options above and if your budget allows, be sure to mix and match
in order to remain invulnerable when faced with major threats. Even more
so, when it comes to business it’s simply better to be safe than sorry.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170926/306742e7/attachment.html>


More information about the BreachExchange mailing list