[BreachExchange] How To Truly Keep Your Company's Data Safe From Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Wed May 2 10:06:46 EDT 2018


Protecting your company's data should be a top priority. Likely, data
protection already is a top priority. That's why you invested in various
means of keeping hackers out of places they don't belong. Unfortunately,
hackers somewhat deserve their reputation for being dubiously resourceful.
A business' computer network often represents a treasure trove of data for
them. So, hackers work hard at figuring out how to breach the even
highly-sophisticated layers of security. That does not mean, however,
hackers will be successful with their every attempt. Equally sophisticated
anti-hacking measures exist, and so do a few simple ones. You just need to
put them to use.

Bring the Staff into the Mix

Issues surrounding computer security should not solely involve discussions
between the management and network professionals. Employees and contractors
must be included into the loop as well. Informing anyone and everyone about
computer security and anti-hacking steps becomes beneficial to any plans to
reduce the potential for a security breach. Making assumptions that the
staff already knows basic things about computer security could turn out to
be a disastrous assumption.

An employee with a lifelong habit of using easy-to-guess passwords won't
exactly change that habit without prompting. Often, in-house errors and
poor procedures open doors for hackers. Improvements won't likely be made
unless resources are spent to cover proper training.

Spare No Expense on Encryption

Data encryption keeps hackers -- and others -- from being able to read or
otherwise decipher material. Accessing encrypted material would be similar
to trying to read a foreign language. Actually, there is one more
significantly difference. Foreign languages can be translated. Encrypted
data would be nearly impossible to translate. So, it becomes beneficial for
a company to procure the best possible encryption tools to further
frustrate anyone attempting to access secure data.

Look for the best and most sophisticated tools available. Don't rely on old
and outdated ones. The present time may be perfect for an overdue upgrade
of the company's current encryption programs. Don't delay on that upgrade.

Protect More than Customer Data

Customer data, namely credit card and personal information, can be greatly
prized by hackers. Taking strong steps to protect the data of customers
isn't enough though. You must be mindful of securing employee, contractor,
and any third-party information secured in other divisions of a company.
The human resources department likely possesses names, addresses, and
social security numbers of employees. The accounting office probably houses
bank account information so as to facilitate payroll deposits. Clearly, it
would be a good idea to keep such information protected.

Anti-hacking tools and rules must protect the entirety of the computer
network. Resources and attention should not be directed towards one area at
the exclusion of others.


Outside some exceptions, most website's -- both commercial and
noncommercial -- utilize HTTP instead of HTTPS. Maybe the time has arrived
to rethink that practice. Since HTTPS increases security levels immensely
thanks to traffic encryption. A business' website can employ the more
secure HTTPS process by utilizing a secure socket layer (SSL). Again,
business should take as many steps as possible to increase security.
SSL/HTTPS might help the cause.

Work with Security Professionals

Perhaps a good plan would be to bring in an expert to determine the true
security level of a business' network. A security specialist can look for
obvious security flaws as well as ones that may not be so obvious, but
still create risks. A security professional's insights could help guide a
company to being more careful in the future. Equally helpful would be the
specialist's pointing out of immediate problems that must be quickly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180502/c71bcf66/attachment.html>

More information about the BreachExchange mailing list