[BreachExchange] 3 Foundations of a Data Security Strategy

Destry Winant destry at riskbasedsecurity.com
Mon Mar 29 10:17:11 EDT 2021


https://securityboulevard.com/2021/03/3-foundations-of-a-data-security-strategy/

Data is one of the most important assets your organization has, and
protecting it is no longer optional. Cyberattacks can come in multiple
forms, including outsider attacks such as phishing or malware, as well
as insider threats via social engineering attacks, unauthorized file
sharing or physical theft of company devices. A robust data security
strategy is an essential requirement to protect your company’s
sensitive data and keep intruders away.

Data breaches can harm your company in multiple ways, including hefty
fines, loss of consumer trust, and reputational damage. Thus, it is
necessary to take steps to mitigate the risks of a data breach,
regardless of industry or the size of your business.

The ongoing COVID-19 pandemic and the urgent shift to remote work have
brought new risks and threats to data. With your employees working
from home, unsecured personal devices, routers and WiFi networks have
become factors and attack vectors that could lead to data breaches. As
work-from-home (WFH) is here to stay in the long term, you need to
make sure that your security practices cover this scenario, too.

Here are three essential ways for your company to ensure that
sensitive data, such as customers’ personal information or
intellectual property, stays safe.

Use a VPN

Using a virtual private network (VPN) for remote work and distributed
teams is among the easiest and most-recommended ways to ensure your
data doesn’t end up in the wrong hands. Touted as a privacy and
security must-have, a VPN protects data from attackers who try to
intercept network communications and get access to that data. It is an
easy and cost-efficient method for creating a secure connection and
adds a protective encryption layer for all data that is moving between
your company’s core systems and employees’ devices. In this way, your
remote users can safely access the company’s network and services, as
the transmitted data is encrypted, the IP address is hidden and the
location of the sender is masked. Some VPNs also offer military-grade
256-bit data encryption.

However, if you’re using VPNs, it is essential to check that they are
patched and have the required capacity and bandwidth to handle all
employees working remotely at the same time.

Deploy a DLP solution

Data loss prevention (DLP) solutions are another essential part of any
successful security strategy. Such a solution will help you mitigate
risks that originate within your organization and reduce the risk of a
data breach, especially those caused by human error. A DLP software
solution protects confidential data directly, regardless of whether it
is at rest (stored) or in motion (being transferred). It allows you to
discover and monitor confidential data such as protected health
information (PHI) or personally identifiable information (PII) and
prevents unauthorized disclosure of that data by creating and
enforcing security policies.

With a full DLP solution, the risks of data loss, data theft and
misuse are reduced considerably, even when your employees work from
home. These threats can be prevented at their earliest stage with a
DLP solution applied to endpoints: when users deliberately or
accidentally initiate transfers of sensitive data from their devices.
DLP can also limit or block the use of USB and peripheral ports, thus
reducing not only the risk of data leakage but that of malware
infections through USBs, too.

Compliance with data protection regulations such as GDPR, CCPA, PCI
DSS and HIPAA can also be more easily achieved or maintained with a
well-chosen DLP software suite that offers predefined compliance
profiles, as well as the option to define customized compliance
templates.

Encrypt Sensitive Files

Encryption is another powerful and useful tool in a data security
arsenal that can help your company secure data both from malicious
outsiders and careless insiders. It is also considered an important
step toward compliance with various data privacy laws, and it can be
used to safeguard data at rest and in motion.

By encrypting sensitive files, you can ensure that only authorized
persons can access them and see their contents. It is also helpful if
a device is lost, stolen or forgotten, as it renders the data stored
on it valueless to anyone who tries to access it without a
decryption key.

Hard drive encryption is also available, and it is included in the
most popular operating systems: BitLocker in Windows and FileVault in
macOS, for example. By encrypting corporate computers’ hard drives,
you can ensure that no matter how a device is booted up, outsiders
cannot access data stored on it without a decryption key.
