How to Stop Worrying About Hackers and Start Protecting Data Assets
Focus on the Right Threats, not All of Them
Most organizations are dealing with threats from malware, malicious insiders, third-party attackers, corporate adversaries, hacktivist campaigns and more. No matter how many patches you apply across operating systems and employee devices, incidents like zero-day exploits can leave your team vulnerable. By prioritizing which threats matter most to your data and your industry, you can concentrate on the protection tactics that will pay off in the end.
Keep Your Data Inventory Up to Date
Give All Data an Expiration Date
The most secure organizations are constantly poring over their data inventories, identifying which programs and files they don’t need and deleting them. Get in the deleting habit by giving all of your data an expiration date. When the deadline comes up, check with the data’s owner, then destroy it if it’s not still adding value to the company.
Don’t Disregard Updates, Patch Notices from Vendors
This habit should be obvious, but it remains a common factor in cyber-attacks. When tech vendors release updates about critical vulnerabilities and distribute patching information, take the time to install the patch. And while you’re at it, check for recent versions of the hardware and software you use daily. Older versions of devices and programs tend to carry known vulnerabilities that are just waiting to be exploited.
Keep Every User In The Loop About Security Issues
User training and education is paramount to maintaining a secure IT environment. Share information about threats your company has faced in the past, present and future, discussing common issues as well as rare attack scenarios. Let security professionals lead the conversation for end users; meanwhile, invest in ongoing training for in-house security personnel.
Know That Hackers are More Persistent Than Smart
Maintain consistent security configurations among the devices in your organization that perform similar roles. Hackers tend to comb through systems looking for vulnerabilities, such as the one server you haven’t gotten around to updating. Teach your network administrators that consistent changes and configuration control could be the factor that saves the company from a massive data breach.
Implement Least-Privilege Access Control
Remember the Target data breach in 2012 that dominated headlines and began with a third-party user that had access to the company’s network? Give the bare minimum of access permissions to the fewest people necessary to complete every task. Then, on a regular basis, ask resource owners and users to re-verify permissions and access rights.
Set Up Network Security Monitors and Pay Attention to Alerts
Most hacking incidents are captured on event logs and never recognized until after the incident is over. By aggressively monitoring for anomalous behavior and setting up alerts for specific issues, you can avoid finding out your system was breached six months after unusual activity indicated something was going on.
Get Your Team on the Same Page About Incident Response
More corporate executives are confronting this scenario: “Our data was breached today. What’s your next move?” Every member of your team should have a response to this question, whether their role will be dealing with remediating the system or communicating the news to customers and partners. If your incident response plan covers every possible scenario, you can make employees more security-minded by giving them some power to defend critical data.
Know Your Limits
Even the world’s best doctors go to the doctor. Evaluate your organization’s core competencies and abilities in terms of how thoroughly you can protect your data. Then, cover the spaces in which you fall short by working with a trusted, reputable security partner. No organization looks forward to dealing with a security breach, but if an incident occurs and your team’s own ego is partially at fault, you’re adding insult to injury.