Data breaches are inevitable. Ask Sony CEO Howard Stringer, who called security a "never-ending process" and said that no one could claim to be entirely secure. "It's not a brave new world; it's a bad new world," Stringer told the Wall Street Journal. The sheer number of data breaches reported this year alone has led security experts to dub 2011 the "Year of the Hack." What's an organization to do when the big giants are admitting they have been breached? With sophisticated malware, advanced attacks and sneaky insiders, security seems like an unattainable goal. Security is everyone's responsibility, from the board of directors and C-level executives such as the CEO, CIO and CFO, down to the front-line employees who actually work daily with sensitive information. While implementing security measures is important, organizations also need to plan for the inevitable "what-if" scenario in which systems and data are compromised. For this slide show, eWEEK chatted with Rick Dakin, CEO of Coalfire, for additional insights on what organizations can do to secure sensitive information.
Know What Your IT-Related Risks Are
Every company should conduct an IT risk assessment at least once a year. A thorough IT risk assessment will help identify and prioritize problem areas.
Know Where Your IT-Related Risks Are
It's not enough to know "what" the problems are; the "where" is critical, too. A good IT risk assessment can save money in the long run.
Achieve Compliance With Data Protection Regulations
First, get compliant with all relevant government and industry data preservation standards. But achieving compliance is pointless if the company can't consistently maintain it. Develop a process to manage compliance and keep compliance records up-to-date.
Conduct Penetration Tests
Hire an independent auditor to run penetration tests to find the vulnerabilities in the system. Run social engineering tests as well.
Know the Incident Response Plan
All companies need to assume they will need an incident response plan. If your organization doesn't have one, develop a plan soon. Practice the plan, so that when a data breach happens, everyone knows what to do immediately.
Educate All Employees
People, usually inadvertently, are the most common cause of security leaks. Teach employees, top to bottom, to be careful about what they do on personal devices and what corporate data they download.
Encrypt Sensitive Data
Encrypt sensitive data stored on servers, laptops and portable media. If data is being stored on highly portable USB flash drives, encrypt those, too. If any of them are lost, no one can access the encrypted data.
Strong Password Policy
Require all employees, from the highest to the lowest, to change passwords frequently and make sure the selected passwords are strong. Educate users not to reuse passwords across multiple business or even personal accounts.
Segment the Network and Computers
Use a separate machine for financial transactions such as banking and payroll. Don't access anything else, such as email or any other websites, from that machine, to foil malware and phishing schemes.
Don't Treat Security as a Nuisance
Security is more than just preventing or limiting what people can do. Good security enables businesses to operate more securely by protecting revenue and profits that could be lost through a data breach. Treat security as an essential part of the company's mission.