Thought leadership piece from Mayleen Bywater, Senior Product Manager for Cloud Security Solutions at Vox
While the growing number and complexity of cybersecurity threats toward business, and the ensuing breaches, continue to make headlines around the world, the news coverage of the resulting attacks often tend to focus on larger corporations that are household names.
The reality, however, is that all businesses are at risk, regardless of their size, popularity or how much they make.
As long as a business has confidential customer records or financial information stored on their network, they are a cybercrime target. Hackers know how to exploit any and all weaknesses, and organisations need to take a 360-degree approach to security if they are to sufficiently protect themselves and their data.
Here are four best practices when it comes to data security:
Policies and procedures
The starting point for any organisation has to be setting the right policies and standards that makes security by default a priority. This encompasses conducting a comprehensive risk assessment, the setting of guidelines and procedures, who manages security responsibilities, who has access to information, data governance, setting up training and awareness programmes for staff, and ensuring overall regulatory compliance.
The email threat
The latest threats don’t target networks, but rather emails, which almost every company employee has access to. With improvements in security technology, humans have been left behind as the most vulnerable of gatekeepers.
With a growing number of employees preferring to work from home or remotely, or by using their own devices (laptops, tablets, smartphones and other smart devices), companies need to have a firm grasp of the endpoints that are accessing their network and data. They need to carefully control user management, ensure these devices are secured, as well as have an understanding of which users have permission to access and modify what data. Your security should be able to detect and take immediate action if an employee tries to connect an infected device to your network.
Backup and business continuity
Despite all these precautions, security is still not fool proof. If any of these defences are compromised, and you don’t have a proper backup system in place, you will not be able to restore your business in a timeous manner, and risk suffering from further damage to your brand and reputation.
Your business could even end up being held liable if it was found that it did not have the proper systems and procedures in place to store, manage and safeguard customer information and other personal data.
Skills, education and awareness
Lastly, however, it is important for companies to remember that while they can spend millions on network and data security products and solutions, a human employee that does not understand the security posture or culture of an organisation remains the biggest risk, as all it takes is a click on the wrong link. They need to be continually educated and brought into the fold to be part of your security defence measures.