Best Practices for Data Security
Cybersecurity is a more important field today than ever before. Let’s just get that established right away. Threats to personal data abound from without and within: hackers who target and infiltrate networks, insiders and employees who, intentionally or not, compromise their organization’s security posture. It is imperative that plans be made and reviewed in advance. In light of this, we thought it might be useful to give a rundown of some of the optimal security practices out there. These are intended to help you best protect stored data.
Strong security policies and practices
First, have a strong security policy in place before a breach ever occurs. Wherever data is used or stored, evaluate what the necessary protections are and deploy them. Assess the areas most at risk, most susceptible to compromise or theft, and identify any vulnerabilities that need fixing at all levels of your network. This includes determining the efficiency and necessity of your data collection habits. With the trend these days being to encourage reduction of superfluous data, you should consider which bits of data are really necessary for your operations. In addition, make sure you review your procedures for disposing of any data that is no longer in use.
Ask yourself other questions, too: do we have an incident response strategy if and when we are breached? Do our employees have sufficient familiarity with the procedures? What sort of data backup and recovery measures do we have in place? If you implement and review such strategies beforehand, you’ll be that much better positioned. Knowledge is half the battle, as they say – although for this article, technically it’s more a quarter of the battle.
A recent Forbes poll reveals that 94% of business leaders are extremely concerned about data breaches at their organization—although, unfortunately, only 76% said their plan involved little more than hoping they won’t get hit by such a security incident. The time before a breach is just as critical to an organization’s data protection posture as the period after. According to Forbes, if 10-20% of post-breach budgets were spent before the incident, it could have been prevented.
The next question is one of access. That is to say, who can access which parts of your network? As mentioned previously, employees must be up to speed with the organization’s security policies and strategies. Offering training on best practices will help in this regard. As will regularly checking in to make sure the instruction is heeded. Establishing a baseline for behavior and then constantly monitoring for anomalies can also be beneficial. Remember, insider threats are often a more prevalent factor in data security incidents, so don’t let it be your weak spot.
Now comes the issue of actually defending the network and the data within. At both the perimeter and endpoint, you need to deploy the standard lines of defense at the very least. That means antiviruses and firewalls, of course, as well as their proper maintenance, but also making sure any external or mobile devices that access the network are secure. Furthermore, outdated or legacy systems and applications can be another critical target for hackers – make sure wherever possible that these are upgraded and not neglected.
The final practice we will mention here is that last line of defense: encryption. Once an intruder gets through the perimeter, this becomes all the more crucial. Even if the data gets stolen, it proves completely useless if it’s indecipherable. Now, you might think this is a tool that everyone already utilizes, a no-brainer. And yet, according to a report from cybersecurity firm Zscaler, 91% of data transactions on Internet of Things (IoT) devices are unencrypted, while over 40% do not encrypt their traffic. Every so often you will therefore hear about a new headline where an unencrypted database was improperly accessed and its data put at risk or stolen. Most of the time this is an entirely preventable occurrence, and yet it occurs.
Of course, cybersecurity is not a matter of wholly eliminating all threats. Such a feat is not achievable. But it also is not something that can be ignored. By taking precautionary steps like these, however, organizations can at least mitigate their risks, and make it that much tougher for cyber criminals to carry out a successful breach.