22 Oct Safeguarding your company data
Data is by far your most valuable asset. Safeguard it!
All organisations, irrespective of size and sector they operate in, run on data. Decisions are taken based on data. Employees work with data. Data is core to any business operation, therefore it should be protected against unauthorised access at all times. Data encryption, hashing and tokenisation are some of the most commonly used practices to secure data across applications and systems.
When securing data always focus on three pillars, namely: people, processes and technology. Whether protecting a brand, Intellectual property, or client information, always be proactive and have incident detection and response well set out in place.
Data storage (on premise or on the cloud), big data platforms, and data across software applications are all use cases that need to be part of the organisation’s data security strategy. Cloud data security starts with the correct configuration of the cloud and never ends, with ongoing monitoring.
Cloud data security, data encryption, payments security, mobile app security, web browser security and email security are the major areas of a data security strategy. Data is to be safeguarded for its integrity and privacy, at capturing point, in transit and in storage. Effective information security starts at the design phase. Applications should have a strong focus on security to keep hackers from accessing data, which in turn can be leaked, stolen or compromised. Increasingly organisations are deploying wider digital surfaces with various touchpoints that can all be points of failure.
Information security needs to be implemented for every touchpoint (in addition to the obvious centralised protection). It should cover a wide array of contexts from networks, to mobile computing, to email systems and servers. Intruders will constantly try to find weaknesses, to get their hands on sensitive data. Vulnerability assessments and penetration testing need to be regularly executed to pinpoint holes before malicious actors take advantage of them.
Applications need to have a security layer by design and operationally, security practices such as the granting of permissions (access rights) to users and encryption of data in storage are to be continually managed.
Business continuity and disaster recovery policies need to be in place to guide an organisation, in case of a cyber security incident, to restore operations to continue operating ‘as normal’. Human error is another aspect which can lead to a data crisis. End user education addresses factors such as identification of viruses and other malware, understanding the various cyber threats, identifying suspicious phishing emails and avoiding malpractices such as visiting insecure fake websites and plugging in external drives to the company’s network system.
Cyber Threats are evolving at a rapid pace
Last year it is estimated that more than 8 billion records were exposed by data breaches according to a Risk Based Security report. The sectors which were mostly hit were health and medical services, public entities and retailers. Some sectors are more appealing to cyber criminals because they collect vast amounts of financial and medical data. The goal of hackers can be corporate espionage, holding the organisation to ransom and selling stolen data sets on the dark web. Budgets need to take into account (ongoing) investment in information and cyber security practices. Security frameworks would include continuous real time monitoring of all digital assets of an organisation.
The most common ways by which cyber criminals are attacking organisations include the spreading of malware which disrupts and damages systems, the use of ransomware which freezes data with the threat of permanently deleting it if a ransom fee is not paid, SQL injection whereby hackers exploit vulnerabilities to inject malicious code into a database to access and steal data, phishing attacks used to dupe users into handing sensitive information such as credit card details and man-in-the-middle attacks whereby hackers intercept data exchanges in order to steal data.
Protecting your data – Hints and Tips
End-user and endpoint security is crucial! Strong cryptographic protocols encrypt email, files and data, protecting information in transit and also guards against its loss or theft. Up-to-date security software is required to scan for malware and remove any found malicious code that is more often than not designed to wipe out data. Best of breed security software use heuristic and behavioral techniques to monitor and defend against malware (both polymorphic and metamorphic malware). Keep all software and operating systems updated with the latest security patches and fixes.
Always use anti-virus and anti-malware software. Use strong (not easily guessable!) passwords. When receiving emails from unknown senders do not click on links to unfamiliar websites and do not open attachments – most probably they will be malware. Avoid using unsecured WIFI networks (mostly in public places) as these are often used for man-in-the-middle attacks.