We live in a world where it is impossible to go about your daily life without having some form of your data stored with a company, whether it is your social network, your bank, your office, or even the retailers you shop with.
Data breaches keep getting bigger, and attackers get better by the day at compromising this data. Many companies leave thousands of files readable by anyone in the organisation. In fact, Statista reports that as of 2015, 25% of global data required security but was not being protected.
According to the World Economic Forum, cyber-attacks rank among the top three risks to global stability. So why aren't more companies putting more thought into protecting our data?
Prevention is always better than cure. So how can you prevent data breaches at your company? Let us look at some of the ways companies can reduce the risk of a data breach.
All employees should be trained on a routine basis, and especially at new-hire orientation, on cyber security best practices. Run periodic social engineering exercises (simulated phishing calls or emails, for example) to identify weaknesses in the process. After all, it is much easier to fool someone into handing over their password than it is to crack it. Train staff to recognise social engineering attempts, to refuse them, and to report them.
Use automation tools and scheduled maintenance windows to apply security patches to all software and firmware. Waiting for employees to update manually will not cut it. Keep a log that provides objective evidence of what was patched, where, and when.
Create a strong password policy and make it mandatory for every user. A strong password is the basis of a strong lock. Require two-factor authentication wherever the system supports it, not only where it happens to be convenient.
Backup, backup, backup. The 3-2-1 backup strategy, widely regarded as best practice, states the rule as: keep at least three copies of your data, on two different types of media, with one copy stored offsite.
Encrypt the offsite backup, and safeguard the private key or passphrase separately from the backup itself. A backup you cannot decrypt is worthless, and a key stored alongside the backup hands an attacker both at once.
At a minimum, ensure that every asset has a business-class antivirus suite installed and functioning under a centrally managed policy. Scan all assets routinely; this is easy to set up as an automatic schedule, once a week or however often you opt for.
Apply full-disk or device encryption to all portable devices that can leave the premises, such as USB drives, cell phones, and laptops.
Your company is probably doing this already, and if it is not, it should be: apply a safelist (allow-list) policy that accepts only specific attachment types, and only from known business partners. Route mail through a smart host (a relay that scans and filters messages before they reach your own mail server) for an additional layer of protection.
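What such a safelist check looks like in practice, as an added example rather than code from the article: the script below parses an RFC 5322 message with Python's standard email library, looks up the sender's domain in a partner table, rejects any attachment whose extension is not safelisted for that partner, and then checks the file's leading bytes so that an executable renamed to `.pdf` is still caught. The partner domains, the safelist table and the sample messages are all constructed for this example.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy table (constructed for the example): which attachment
# extensions each business-partner domain is allowed to send us.
PARTNER_SAFELIST = {
    "partner.example": {".pdf", ".docx", ".xlsx"},
    "supplier.example": {".pdf"},
}

# Leading bytes each allowed type must start with, so a renamed executable
# cannot pass as a document. .docx and .xlsx are ZIP containers ("PK\x03\x04").
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From: address, lower-cased (empty if unparsable)."""
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower()


def check_attachments(msg: EmailMessage) -> list[str]:
    """Return reasons to quarantine the message; an empty list means deliver it."""
    reasons = []
    domain = sender_domain(msg)
    allowed = PARTNER_SAFELIST.get(domain)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix  # final extension only: "x.pdf.exe" -> ".exe"
        if allowed is None:
            reasons.append(f"{name}: sender domain {domain!r} is not a known partner")
        elif ext not in allowed:
            reasons.append(f"{name}: extension {ext!r} is not safelisted for {domain}")
        elif not (part.get_payload(decode=True) or b"").startswith(MAGIC[ext]):
            reasons.append(f"{name}: content does not look like a {ext} file")
    return reasons


def check_raw(raw: bytes) -> list[str]:
    """Parse a message as received on the wire and run the checks on it."""
    return check_attachments(email.message_from_bytes(raw, policy=policy.default))


def build_message(sender: str, filename: str, content: bytes) -> EmailMessage:
    """Construct a sample message with one attachment (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "accounts@corp.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(content, maintype="application", subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    pdf = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"   # constructed PDF header
    exe = b"MZ\x90\x00\x03\x00\x00\x00"                        # constructed PE header
    samples = [
        build_message("billing@partner.example", "invoice.pdf", pdf),
        build_message("billing@partner.example", "invoice.pdf", exe),
        build_message("billing@partner.example", "invoice.pdf.exe", exe),
        build_message("someone@unknown.example", "invoice.pdf", pdf),
    ]
    for m in samples:
        print(m["From"], "->", check_raw(m.as_bytes()) or "deliver")
```

The magic-byte check is deliberately in addition to the extension check, not instead of it: the extension is what the user's desktop will use to pick an application, and the content is what will actually run. Checking only one of the two leaves a gap.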
Create and maintain policies for security, disaster recovery, and business continuity. Enforce every policy action, and test the policies routinely (a backup restore drill, for example) to identify weaknesses before an incident does.
Continuously monitor event logs and alerts from all devices using a security information and event management (SIEM) solution. SIEM products, whether delivered as software, as appliances, or as a managed service, provide real-time analysis of security alerts generated by applications and network hardware; they also retain the security data and generate the reports needed for compliance purposes.
Purchase at minimum a business-class firewall. Establish and maintain policies that control both ingress and egress traffic; egress filtering is what catches malware calling home after a machine has already been compromised.