BrandPost: Stay clear of safety and security violations: Just how to secure your information

Data security breaches at major corporations seem to be perpetually in the news. The hacks range in size and scope, but it's no secret that firms hit by hackers often suffer serious consequences.

What can you do to help prevent your organization from becoming tomorrow's cyber-breach news headline? Here are 18 pointers:

1. Educate all employees on the importance of protecting data.
Explain the need to avoid risky behavior such as downloading music or videos from rogue websites. Once employees understand that criminals want the data with which the employees work, their thinking changes in ways that can make the organization's data much safer than before.

2. Understand what data you have and classify it.
You cannot secure information if you do not know that it exists, where it is stored, how it is used, how it is backed up, and how it is decommissioned. Make sure you know those things about all of your sensitive information. Because not all data is equally sensitive, make sure to classify data according to its level of importance.

3. Do not give every employee access to every system and piece of data.
Create policies governing who has physical and/or electronic access to which computer systems and data, and implement procedures, policies, and technical controls to enforce such a scheme. Authorize people to access the data that they need in order to do their jobs, but do not provide them with access to other sensitive data.

4. Consider moving sensitive information and systems to a cloud provider.
Unless you have an adequate information security team, the odds are pretty good that a major cloud provider will do a better job than you at securing your system and information against various risks.

5. Enable remote wipe.
All portable electronic devices on which sensitive information will ever be stored should have remote wipe capabilities enabled.

6. Give everyone his or her own access credentials.
Ensure that each person accessing a system housing sensitive information has his or her own login credentials.

7. Ensure that everyone uses proper passwords to access such systems.
People like to use easy-to-remember passwords; without policies and technology to enforce the selection of proper passwords, organizations are at risk of having passwords such as "1234" being the only line of defense against unauthorized access to sensitive information. So, craft proper policies and implement technology to ensure that the policies are properly enforced.

8. Go multi-factor.
For accessing systems with especially sensitive information, consider implementing some form of strong, multi-factor authentication.

9. Deal with BYOD.
Make sure that you have policies and technology in place to address the many risks created by employees, contractors, and guests bringing personal devices into your facilities and connecting to corporate networks. All access to the Internet from personal devices or devices belonging to other businesses should go through a network separate from the one used for company computers.

10. Encrypt sensitive data when storing it or transmitting it.
There are many commercial and free tools available to do this; some operating systems even have encryption capabilities built in. As you probably suspect, if you are not sure if something should be encrypted, encrypt it.

11. Backup. Backup.
Most people and businesses do not back up frequently enough, and many (if not most) will not realize the danger of their mistake until it is too late.

12. Keep your backups separate from production networks.
If ransomware gets onto one of your production networks, it could corrupt any backups attached to that network. Maintain offsite backups in addition to onsite backups.

13. Create appropriate social media policies and enforce them with technology.
As so many organizations have learned the hard way, policies alone do not ensure that employees do not leak sensitive information or make otherwise inappropriate social media posts; implement technology to help with this task. Remember, many serious breaches begin with criminals crafting spear-phishing emails based on overshared information on social media.

14. Comply with all information security regulations and industry standards.
Consider such regulations a baseline, but not rules that, if adhered to, will offer adequate protection. GDPR, for example, is a regulation for which many businesses still need to prepare.

15. Use appropriate security technology.
Do not just buy the latest and greatest. Acquire and utilize what you actually need by defining functional and security requirements and selecting security controls accordingly. On that note: all computers and mobile devices that handle sensitive information, or that ever connect to a network to which devices that house sensitive information connect, need to have security software installed.

16. Ensure that technology is kept up to date.
Besides keeping security software current, make sure to install patches to server and client-side operating systems and software. Many major vendors have automatic update services; take advantage of these features.

17. Keep IoT devices off of production networks.
Treat Internet of Things devices as if they were a special class of risky BYOD devices, and keep them on their own networks. Only purchase IoT devices that have proper security capabilities, such as the ability to be patched and to have default passwords changed upon installation and activation.

18. Hire an expert to help you.
There is a reason that businesspeople go to doctors when they are ill and don't try to perform surgery on themselves, or utilize the services of lawyers if they are being sued or accused of a crime. You need experts on your side. Remember, the criminals who are targeting your data have experts working for them; make sure that you are also adequately prepared.

While there are no guarantees when it comes to information security (even the most security-conscious organizations still face some level of risk), by following these 18 tips, you can greatly improve your odds of fending off hackers who seek to steal your organization's confidential information.