Data security failures cause significant damage to a company. The level of harm caused determines the extent of the ruin, and it can go as far as forcing a business to close down. Non-compliance with regulations has made data security quite a big deal. It is the duty of a company’s information officer to ensure the privacy and security of the company’s customers’ information and, most importantly, of the company’s own data.
Contrary to the public perception, shaped by movies, that hackers are the leading cause of data breaches, the greatest threat (namely, the way these hackers get their information) is actually employee unawareness. A recent study identified inadequate employee training and a lack of threat awareness as the major threat to data privacy and security.
These failures are regularly the result of the simplest of errors. An employee can innocently respond to an email that claims to be verifying a password and username, or a laptop forgotten in a public place can offer enough information for a major breach. Several other simple mistakes can give hackers the clue that leads them to vital information or data.
The greatest wish of any business owner, and of customers as well, is for their data to be secure. With the increase in cybercrime and the rise of insider threats and hackers targeting your organization’s cyber security, the least you can do is employ best data security practices to guarantee the safety of your data.
This article will share with you the ten best practices to secure your data, be it online or onsite.
1. Go Back to the Basics
(A) Limit the number of people with admin rights.
When there are too many individuals with admin rights, there are higher chances of a security breach. It is similar to a building with too many master keys. Before giving admin privileges to anyone, ensure that they are trustworthy. Also be ready to keep an eye on them and their activities related to the company’s infrastructure.
(B) Have a defined Measurement
Ensure that you have clear metrics that are meaningful and help in assessing the state of your security over time. When attention increases, which comes with an increase in budget from the management board, there will also be an increase in responsibility, which means you are teaching your managers and employees to be more accountable.
(C) Work with other Departments
Often, we see that the security staff is not working together with the other departments of an organization, and the gap is even greater when it comes to the business side. To overcome this, make sure that security policies are adopted into business processes and operations as soon as possible, because their absence gives way to scenarios where security will be breached. If you handle the situation before it becomes a problem, your organization will also gain from the increased communication.
2. Password Management Policies
- Require unique passwords from users of external vendor systems, and stop accepting the same password for internal logins and for personal logins to websites.
- Don’t store passwords unless it is truly necessary, and if you still need to save a password, first ensure that it is properly encrypted.
- If a third party’s collaboration with you is terminated and they should no longer have access to your data, make sure any residual access they may have is removed.
- Require users to use strong passwords. This rule could require, for example, a minimum of eight characters made up of alphanumeric characters.
- Conduct frequent checks of all default accounts and make sure inactive accounts are disabled.
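The password rules above (a strength check, storing only a protected form of the password, and a sweep for default and inactive accounts) are easy to get wrong in detail, so here is an added example in Python that is not part of the original article. It assumes the article's "eight alphanumeric characters" rule for the strength check; the 90-day idle threshold, the PBKDF2 iteration count, the list of default account names and the sample account list are all assumptions constructed for this example. Where the article says a saved password should be "properly encrypted", the example uses what a practitioner would actually store for login verification: a salted, deliberately slow hash, which cannot be reversed even by someone who holds the key material.

```python
import hashlib
import hmac
import os
import re
from datetime import date
from typing import Dict, List, Optional

# Thresholds assumed for this example. The article only states the
# "minimum of eight characters consisting of alphanumeric characters" rule;
# the idle period, iteration count and default-account list are assumptions.
MIN_LENGTH = 8
MAX_IDLE_DAYS = 90
PBKDF2_ITERATIONS = 600_000
DEFAULT_ACCOUNT_NAMES = {"admin", "administrator", "guest", "root", "test"}


def meets_policy(password: str) -> bool:
    """Strong-password rule: at least MIN_LENGTH characters with both letters and digits."""
    if len(password) < MIN_LENGTH:
        return False
    has_letter = re.search(r"[A-Za-z]", password) is not None
    has_digit = re.search(r"[0-9]", password) is not None
    return has_letter and has_digit


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a salted, deliberately slow hash instead of the password itself.

    Format: algorithm$iterations$salt_hex$digest_hex, so the parameters travel
    with the stored value and the iteration count can be raised later.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed stored value never verifies
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample account list (not real data) for the account audit.
SAMPLE_ACCOUNTS: List[Dict] = [
    {"username": "alice", "last_login": date(2017, 6, 1), "enabled": True},
    {"username": "guest", "last_login": date(2017, 6, 10), "enabled": True},
    {"username": "vendor_acme", "last_login": date(2017, 1, 15), "enabled": True},
    {"username": "bob", "last_login": date(2016, 12, 1), "enabled": False},
]
AUDIT_DATE = date(2017, 6, 15)  # "today" for the sample audit (assumed)


def accounts_to_disable(accounts: List[Dict], today: date,
                        max_idle_days: int = MAX_IDLE_DAYS) -> List[str]:
    """Return enabled accounts that are well-known default accounts or idle beyond the threshold."""
    flagged = []
    for account in accounts:
        if not account["enabled"]:
            continue  # already disabled, nothing to do
        idle_days = (today - account["last_login"]).days
        is_default = account["username"].lower() in DEFAULT_ACCOUNT_NAMES
        if is_default or idle_days > max_idle_days:
            flagged.append(account["username"])
    return flagged


if __name__ == "__main__":
    stored = hash_password("Correct4Horse")
    print("policy ok:", meets_policy("Correct4Horse"))
    print("verifies:", verify_password("Correct4Horse", stored))
    print("disable:", accounts_to_disable(SAMPLE_ACCOUNTS, AUDIT_DATE))
```

Run it directly to see the sample audit flag the `guest` default account and the vendor account that has been idle for five months. The stored string carries its own salt and iteration count, so a later policy change (more iterations, a different algorithm) can be rolled out by re-hashing on the user's next successful login rather than by resetting every password.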
3. Email Authentication
- Incorporate inbound email verification checks for DKIM, DMARC, and SPF.
- Verify outbound emails with DKIM and SPF, including delegated and parked sub-domains.
- Require email authentication at both ends, using DKIM and SPF together with a DMARC reject policy, or at least a quarantine policy, for all mail streams that are managed and hosted by third parties.
- Encourage your business partners to authenticate all emails sent to your company, to reduce the chances of receiving spoofed emails and spear phishing.
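To make the four email-authentication points above concrete, here is an added example in Python that is not part of the original article. It evaluates DMARC the way an inbound mail gateway does: it takes the SPF and DKIM results already computed for a message, checks that the authenticated domains align with the visible From domain, and returns the disposition the sender's published policy asks for. It also reads the `all` qualifier of an SPF record, which is how you spot a parked subdomain that should publish `v=spf1 -all` and a legacy record that authorizes every sender with `+all`. The DNS TXT records for `example.com` and `mailvendor.example` are constructed for this example, and `organizational_domain` is a two-label approximation of what a real validator gets from the Public Suffix List.

```python
from typing import Dict, Optional, Tuple

# Constructed DNS TXT records for the reserved names example.com and
# mailvendor.example. They are assumptions for this example, not real records.
SAMPLE_TXT_RECORDS: Dict[str, str] = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailvendor.example -all",
    "parked.example.com": "v=spf1 -all",   # parked sub-domain: nobody may send
    "legacy.example.com": "v=spf1 +all",   # weak setting: anyone may send
    "_dmarc.example.com": (
        "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@example.com"
    ),
}


def parse_tags(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' record (DMARC syntax) into a dict."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record: str) -> Optional[str]:
    """Return the qualifier on the SPF 'all' mechanism: '-' (fail), '~' (softfail),
    '?' (neutral) or '+' (pass, which authorizes every sender); None if absent."""
    for term in record.split():
        if term.lower().lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


def organizational_domain(domain: str) -> str:
    """Approximation using the last two labels; real validators consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return organizational_domain(auth_domain) == organizational_domain(header_from)


def dmarc_disposition(header_from: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str,
                      txt_records: Dict[str, str]) -> Tuple[bool, str]:
    """Evaluate DMARC for one message.

    Returns (passed, action): 'accept' when aligned SPF or aligned DKIM passes,
    otherwise the published policy ('none', 'quarantine', 'reject'), or
    'no-policy' when the From domain publishes no DMARC record at all.
    """
    header_from = header_from.lower()
    record = txt_records.get(f"_dmarc.{header_from}")
    use_subdomain_policy = False
    if record is None:
        # No record at the exact From domain: fall back to the organizational
        # domain's record and apply its sub-domain policy (sp), if it has one.
        record = txt_records.get(f"_dmarc.{organizational_domain(header_from)}")
        use_subdomain_policy = True
        if record is None:
            return False, "no-policy"
    tags = parse_tags(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, header_from, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, header_from, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return True, "accept"
    policy = tags.get("p", "none")
    if use_subdomain_policy:
        policy = tags.get("sp", policy)
    return False, policy


if __name__ == "__main__":
    # A message claiming to be from example.com whose SPF pass belongs to the
    # vendor's own domain: not aligned, so the reject policy applies.
    print(dmarc_disposition("example.com", "pass", "mailvendor.example",
                            "fail", "mailvendor.example", SAMPLE_TXT_RECORDS))
    for name in ("example.com", "parked.example.com", "legacy.example.com"):
        print(name, "all qualifier:", spf_all_qualifier(SAMPLE_TXT_RECORDS[name]))
```

The vendor case in the `__main__` block is the one the article's third point is about: a third party that sends on your behalf must sign with DKIM under your domain, or use an SPF-aligned envelope domain, or its mail is indistinguishable from a spoof and a `p=reject` policy will discard it. Running `spf_all_qualifier` over your zone is a quick way to find the `+all` records that quietly undo everything else.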
4. Conduct Frequent Vulnerability Tests
5. Monitor Your Infrastructure
6. Patch Your Security Software Regularly
7. Continually Refine any Data Breach Plan
8. Review Server Certificates
9. Allow Only Authorized Wireless Devices
10. Least User Access (LUA)
This article is written by Mike Jones. He is a professional writer and genuine techie. He is very passionate about cloud-computing and its security issues. Mike is a Boston University graduate and contributing editor for BurnWorld.