[BreachExchange] 5 Essential Best Practices for Keeping Your Company’s Data Secure
Destry Winant
destry at riskbasedsecurity.com
Tue Jan 29 01:22:25 EST 2019
https://www.smallbiztechnology.com/archive/2019/01/5-practices-keeping-company-data-secure.html/#.XE_uH-HYrnE
At a time when massive amounts of data are being collected, it’s
daunting to think of the right security strategy to effectively
protect all sensitive company information. While there’s a long list
of steps you should take to protect your company’s data, here are the
five most essential. These include watching out for insider attacks,
engaging employees in security training and awareness, and more.
Keep an Eye on Internal Threats
When we think of the malicious actors in the world of cyber security,
we usually think of hackers or other external threats. It’s critical,
of course, that companies monitor against such threats, but they
shouldn’t forget to watch for internal threats as well. An internal
threat is someone within the company, such as an employee, who has
access to company servers and data. The truth is that internal
threats, not external, make up the majority of security breaches.
According to a 2018 report by CA Technologies, 90 percent of
organizations feel vulnerable to inside attacks. Such attacks can be
deliberate–as when a Tesla employee deliberately stole and sabotaged
company data–but they are often unintentional. Risk factors for
insider attacks often lie within the structure of the company
itself–for example, excessive privileges given to users, too many
devices with access to sensitive data, and complicated information
technology. These threats can be reduced with improved employee
security training and a clear company policy about who has access to
which data or devices.
Set Clear Employee Security Training Standards
Your company should adopt a clear set of security guidelines and
should educate employees in matters such as how to appropriately
handle confidential information and how to respond to suspicious signs
or behavior.
There are several steps employees can take in preventing both internal
and external breaches. Employees should be taught to lock up sensitive
information when they step away from their computer; to avoid
downloading emailed files or clicking on links that are unexpected or
that don’t come from a trusted source; to use strong passwords; and to
always keep devices close at hand when outside the office. Training
employees in these matters should be a core part of basic employee
onboarding.
Adopt a Unified Security Policy for All Data
Data, both structured and unstructured, ends up everywhere–in
databases, files, mainframes, the cloud, and more. Because of this
enormous amount of data, bits and pieces of it can become forgotten.
Keeping your company secure means not just protecting the biggest
files and databases, but also protecting every little bit of company
data–even that unstructured data that easily slips through the cracks.
To guarantee wide-reaching data security within your company, it’s
essential to have a single cyber security strategy for all your data,
no matter the location. This will ensure that you won’t have to
monitor your data separately, that you won’t leave any data unnoticed
or undetected, and that you receive and respond to threat alerts right
away.
Encrypt All Company Data
Data is particularly vulnerable when it’s not encrypted, because it’s
easily readable by hackers and other malicious actors. Encrypting your
data, on the other hand, ensures that even when malicious actors do
get their hands on your data, they won’t be able to read it–and,
therefore, won’t be able to access sensitive information.
Companies should not only ensure encryption within the office, but
should also make sure employees encrypt data when working outside the
office or when connecting to other company systems remotely. As part
of employee security awareness training, your company should teach
users to go through a secure tunnel such as a VPN.
Comply with Security and Privacy Regulations
Compliance with privacy regulations is certainly beneficial to
consumers, but it helps your company as well. Regulations like GDPR
force companies to prioritize compliance–and, with it, data
security–more than ever before.
Setting aside a dedicated team to check for compliance will also help
ensure your company finds weak areas of security so that it can make
the necessary adjustments. Constantly monitoring and making
improvements to your security strategy, rather than passively leaving
a security solution in place, is a core part of protecting your
company’s data.
Summary
Creating a solid cyber security strategy is just as much a priority as
developing and marketing your company’s product. Watch out for
internal and external threats, engage and train employees in security
awareness, and keep a team on hand to follow up on crucial security
compliance regulation. Make sure to have a single security strategy
that reaches all your data, and keep data encrypted as a second
defense against a breach. By taking these steps, you can ensure a more
secure–and successful–company.