People have the curious ability to get used to almost anything over time. Whether it’s learning to fall asleep to traffic noise or coming to accept wrinkles as we age, we often become comfortable with our situation.
While this adaptability can be a good thing, sometimes it leads to complacency. In the constant fight against cybercrime, for example, becoming comfortable is the last thing people should do. In their quest to steal information, cybercriminals are constantly changing their methods, just like how a human virus evolves in the real world. To keep information safe, we are continuing to evolve new defenses against these attacks. But with so many threats out there – where do you start? Well, don’t try to boil the ocean!
One of the biggest mistakes we see is when organizations secure the endpoint and really lose focus on what really matters, the data! Security means more than protecting your smartphone, laptop or PC. It’s also about the information – your login credentials, your intellectual property and your customer data. Once you realize that protecting that information – wherever it travels and to whatever device – is your goal, you are in a better position to defend it. The data-centric mindset is the beginning of a different and more robust security practice. But don’t toss out the network security – you still need them both. Here are a few key points to consider as you work to keep your organization’s information safe.
- Safeguard essential data: With the current economic climate there aren’t many organizations that can afford to protect every scrap of data they produce. The best strategy is to determine what is really critical to your business or mission and concentrate your money and resources on protecting it. Then be sure to implement continuous monitoring to regularly test your defenses and identify weak areas, and lay out a remediation strategy.
- Know where critical information is stored: In addition to identifying what your critical data is, you will need to know where it is and how it flows in and out of your network. You’ll need to make sure that your confidential and critical information is only stored in the areas with the greatest protection.
- The importance of education: Employees are your first line of defense against information loss. Unfortunately they’re also your weakest link – the 2011 Ponemon Report on the Cost of a Data Breach reveals that negligent employees are the most common cause of data breaches. By regularly educating them on current threats and proper security measures, you can greatly reduce the risk of information theft. Also there is a difference between training and educating. Be sure that your employees not only know how to recognize a problem, but they also know what to do about it.
- Balance needs between business operations and security: Many IT executives are finding that employees don’t necessarily want access to all the information on your network. But they are finding, through surveys, that employees want access to the information that empowers them to be productive. Businesses may feel safer if information never leaves the local network and employees use locked-down devices. It’s important, however, to promote employee productivity by allowing them access to the information they need according to their responsibilities, while enacting policies to keep data safe and restricting access to unneeded information.
- Communicate: Leadership is in a position to influence how effectively security measures work. They should communicate often with employees of all levels to increase awareness of security needs and issues. Open dialogue will promote security and effectively change the culture of security.
Keeping sensitive information safe seems like a daunting task, but it’s vital that we not allow ourselves to be lulled into a false sense of security even if we haven’t fallen victim to a cyberattack. We should be proactive in constantly updating our defenses to keep up with emerging threats, and make all employees a more active part of the security team. Security is everyone’s job.
What do you think? Let us know in the comment section below.