The year 2014 was dubbed ‘the year of the data breach’, but it looks like 2015 will meet or surpass it in the number, size, and severity of data breaches. Astoundingly, when the reasons behind the breaches come to light, the cause is almost always a failure to take cyber security seriously. What will it take for people to step up and take action? Here are the ways you can ensure your organization doesn’t experience the same fate.
Be Aware of the Potential for Insider Threats
The devil isn’t always on the outside looking to get in; sometimes he’s already inside, looking at all the harm he can do. Whether you hail Edward Snowden as a hero or curse him as a traitor, there is no denying that his case illustrates what a contractor or rogue employee can do. Be sure your security solutions address insider threats as well as outside intruders.
Review Privileged Users Often
Contractors, temp employees, third-party vendors … there are a lot of folks gaining access to your systems on a regular basis. What about the contractor who has high-level access to your systems and shares his passwords with his workers and secretary and even his temp workers? Frequently review who has privileges and revoke access that isn’t necessary.
Require Strong Passwords & Frequent Password Changes
People hate long, hard-to-remember passwords. That’s too bad. Long passwords with a variety of upper and lower case letters, numbers, and special characters do not guarantee that nobody can steal or break a user’s password, but they do make it especially hard. Also, require that passwords are changed frequently so that if one does end up in the wrong hands it doesn’t work for long.
Make Sure Your Team Understands How Your Security Tools Work
Unbelievably, a lot of businesses invest in security solutions that end up as shelfware. Once they’ve bought the product and realize what it would take to install it, keep it updated, and keep it monitored, they give up for lack of workers, time, and resources. Just as bad are businesses that set up security tools but fail to configure them properly because they don’t understand how to use the product. Get whatever help you need to ensure that your security tools are set up and working properly and that you have the right monitoring in place to detect and thwart intruders.
Take Application Vulnerabilities Seriously
Another all-too-common problem is launching applications with known security vulnerabilities. Whether the product is homegrown or built and managed by a third party, application vulnerabilities are serious problems. Insist that security vulnerabilities are addressed before installing and using the product.
Develop an Incident Response Plan & Make Sure It’s Practiced & Understood
Antivirus software, firewalls, and other security tools do offer something of a perimeter barrier to intruders, but the most sophisticated attackers just aren’t stopped by these measures anymore. A robust security solution includes network, application, user, and system monitoring, and is backed by a thorough incident response plan. If the team doesn’t understand the plan, that’s as bad as not having one, because nobody will know what to do if an intruder is detected.
If data security is too much to handle in-house, the best option is to partner with a third-party data storage provider that is able to secure your data with the right tools and monitoring solutions. Learn more about Bigstep today.