With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage, and monitor privileged access to their networks to mitigate that risk. This blog is to tell us that many companies can’t adequately manage the risk related to privileged access. Insider breaches, whether malicious or unintentional, have the potential to go undetected for weeks, months, or even years – causing devastating damage to a company.
Securing stored data involves preventing unauthorized people from accessing it as well as preventing accidental or intentional destruction, infection or corruption of information. While data encryption is a popular topic, it is just one of many techniques and technologies that can be used to implement a tiered data-security strategy. Steps to secure data involve understanding applicable threats, aligning appropriate layers of defense and continual monitoring of activity logs taking action as needed.
- Implement a tiered data protection and security model including multiple perimeter rings of defense to counter applicable threats. Multiple layers of defense can isolate and protect data should one of the defense perimeters be compromised from internal or external threats.
- Include both logical (authorization, authentication, encryption and passwords) and physical (restricted access and locks on server, storage and networking cabinets) security. Hopefully, the closets in your facility for cleaning personal and their tools are separate from where you keep your storage and networking cabling and tools. Physical security includes maintaining a low profile. For example, if yours is the only building with lights on during a heat-wave-induced electrical power blackout, at least turn your outside lights off as well as other lights that can be seen from the outside so as to not draw unwanted attention.
- Logical security includes securing your networks with firewalls, running antispyware and virus-detection programs on servers and network-addressed storage systems. No storage security strategy would be complete without making sure that applications, databases, file systems and server operating systems are secure to prevent unauthorized or disruptive access to your stored data. Implement storage system based volume or logical unit number mapping and masking as a last line of defense for your stored data.
- Speaking of physical security and access controls, change your key-code or door-lock combinations regularly, informing only those who need access. You might be surprised who stops by to ask for the access for the combination or password for something that you did know that they had access to in the first place.
- Some storage and networking tools will encourage you to change management passwords at initial installation. I hope that this sounds like common sense, however, due diligence is to say the obvious — change default passwords at installation and on an ongoing basis. Likewise, restrict access to management tools to those who need it.
- Know who has physical access to fixed and removable data-storage media and devices. Leverage access logs as well as perform background checks of contractor and third-party personnel who will be handling your data and media. Identify where weak links are in your data-movement processes and correct those deficiencies. Data-discovery tools can be used to identify sensitive data that may not be adequately protected.
- If you are currently moving data electronically to avoid losing tapes or are planning to, then make sure data being transmitted over a public or private network is safe and secure. Some techniques to protect data while in-flight include encryption, virtual private networks and the IPSec protocol.
- Data encryption is a topic people in the industry like to talk about, however, like other technologies, wide-scale mass adoption has been elusive. However, as a trend, encryption — in some shape or form — is here to stay and most likely is in your future. There is plenty of debate as to when (at rest, in flight), where (storage, network, appliance, servers) and how (hardware, software) to implement encryption. For now, consider what the level or depth of encryption you need to counter your applicable threats. Also, consider how key management will be performed for your environment. In addition, consider the potential effect on performance and interoperability for your environment when looking at data-encryption technologies
- Avoid letting data security become a bottleneck to productivity, because that is a sure way to compromise a security initiative. The more transparent the security is to those who are authorized to use the data, the less likely those users will try to circumvent your efforts.
- Do you know if your data is safe, and do you know where your data is? See that backups and archives are secure, including the process of performing backups and recovery, along with where and how the data is stored. Consider how you will handle key management in a DR situation as well as for long-term retention. Have an understanding of how you will be able to unlock your data for regulatory compliance and archived data.
How To Enhance Data Security
The world of cyber security is progressing at a huge speed and in at the same time, improvements in technologies are becoming increasingly better at assisting the hackers and cyber-criminals to exploit data security loopholes. The constant increasing graph of cyber security attacks are a major concern for internet users and business organizations. And they should be!
One recent example of the growing scale of such attacks is the recent ransomware attack known as WannaCry. It was one of the largest attacks in recent years affecting a large number of businesses all over the world. Here’s where the question arises; ‘why have both large and small businesses been affected and influenced by this attack?’. It seems like the world is starting to see that increased security measures are not just a matter of protecting data, but in protecting data, we are protecting the very infrastructure of our business.
There are many ways organizations can protect their business from cyber-attacks. The article is from a Privacy End post which outlines several measures including; updated software, improved technologies, skilled employees and pre-planned precautionary measures.
Limit Data Access
Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.
This means it is necessary for businesses to limit the data access. Organization’s should determine what an employee needs access to and ensure they have access to only what they need. Not anything else. These all limitations could help organizations to manage their data more efficiently and ensure it is being safeguarded from theft or loss.
Identify Sensitive Data
For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.
Although sensitive business data is only probably around 5-10% of your total business data, a data compromise involving sensitive or personal data could result in an immense loss of reputation and revenue to a company. If we go back to access management and rights, we should be putting more strict measures on sensitive data over other business data.
Pre-Planned Data Security Policy
When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organizations could help significantly in critical situation and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
As with access management and rights, employee access could be identified easily and you would remain aware of which users in your organization could have potentially been breached. It’s important to remember that a policy and process plan is only as good as it’s last revision. Technology, industry regulation and best practice is always changing. Someone therefore needs to own this policy and process guide and always look at new ways of updating it to keep it relevant.
Strong and Different Passwords for Every Department
Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there are a combination of different characters including alphabets, numbers, symbols and other capital letters.
Additionally, using the same passwords for different programs and access is also a risk. Once your password is cracked, a hacker will try the same password on all major accounts you own.
Therefore, organizations should keep unique passwords for all employees as well as the departments. This can be easily managed using a password manager tool and ensuring that all employees receive proper data security training and password tips.
Where possible, it is also advised that multi-factor authentication is used. Adding another step to a password login means another step that hackers need to crack, making the hack much more unlikely and difficult. Some good examples of multi-factor authentication include biometrics, push notifications to phones, smartcards and token authentication.
Regular Data Backup and Update
Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.
In addition, the data should be protected through updated software and efficient antivirus tools. However, to attain this, you must have progressive and efficient IT department. Make sure you are hiring someone with the right skills who you can trust to do the job properly.
Becoming a successful business is a difficult task, but sustaining yourself is much more challenging. In today’s world of immense cyber security risks it is really important for you to be pre-equipped with the security tools and privacy enhancements that are needed to safeguard your most valuable asset – your data.