Cover Your Assets: Protect Your Company’s Most Important Possession
It is a very common irony in the Information Security industry today that we tend to spend a lot of time making sure our technologies and devices are protected from attacks, but much less time actually directly protecting our data. To ensure that we are the best possible custodians of our organizations’ data, we need to make some slight adjustments to our focus to center our security controls and protection around that data.
Data losses and breaches are continuing to grow year-over-year, and the headlines are becoming ever more sensational – surely you have read a bit recently about the Target breach, and if you are like me, then your own personal financial health was put at risk through that breach. Since 2006, over 600 million records have been stolen and the average data breach costs a company $5.4 million, which translates to around $136 per record lost or stolen.
WatchGuard recently did a survey to better understand organizations’ concerns about data and we found that those concerns closely correlate to the regulations for each organization’s industry. 64% of organizations have a clear data sharing and usage policy, but only 30% use data loss prevention solutions to enforce that policy. And the top three biggest threats to their data were accidental leakers, criminal hackers and malicious insiders.
The accidental leakers are the largest concern, and these include both physical leaks, as when a device with sensitive information is lost, and digital leaks, such as when an employee sends an email containing sensitive data to the wrong person outside the organization. In addition, there are those few individuals that are unhappy at work and look to purposely leave with the company’s data. And we certainly cannot forgot the criminal hackers and their multitude of sophisticated techniques and tools to penetrate our networks and steal our data.
So what can we do to better secure our company’s data?
Here are 5 tips that you can implement in your business today:
1) Do a Data Inventory – understand what sensitive information the company stores, where it is located, why you need this data for business and who accesses this data and how they share it.
2) Create a Data Security Policy – prioritize data by sensitivity and decide who should have access and how, and don’t forget education for your employees as well as accountability.
3) Leverage Access Control – follow the principle of least privilege, utilize technologies such as authentication, IAM, and firewall solutions, and segment your network.
4) Use Encryption – encrypt data at rest with disk encryption and file encryption and secure data in motion with VPNs and email encryption.
5) Adopt DLP Technology – leverage mechanisms for preventing data from being disclosed to unauthorized personnel when that data is at rest, in motion or in use.
By the way, WatchGuard and SLPowers can assist you throughout this process of developing or updating your data security policies and technological controls, so please reach out to us as you start down this road to covering your most important assets.