In a fast-changing threat landscape, organisations are searching for the one perfect solution that will offer their networks 100% security.
However, the truth is that there is no magic formula to guard a business against a data breach, especially considering the proliferation of trends such as BYOD, the consumerisation of IT and cloud. Add the human element into the equation and there is a lot for IT security staff to consider with threats coming externally, as well as from within the organisation.
Andy Aplin, technical director at IT security specialist Accumuli, talks us through five important things companies can do to protect themselves from a data breach.
Complete Visibility
First off, you need to know where the threats are coming from and be able to identify them as early as possible. This happens when IT security teams have complete visibility over the infrastructure – knowing where the sensitive data is, where the potential weaknesses are, where the threats are coming from and all of this in real-time.
Having an SIEM (security information and event management) platform that correlates information from security technologies and logs activities across the network allows the IT security team to do this and be more proactive in its approach.
It is also crucial to know what devices are on your network – especially difficult with employees using their own devices for work purposes – where they are accessing the network from, and what they are accessing. This helps create and institute a plan that limits access to certain information from specific devices or places on the network.
Do more than just enough
One of the major problems in IT security is complacency – the belief that existing security procedures and policies, or those used in the past, are enough. Complacency fails to take into account the evolving threat environment and mistakenly sees threats as static. A perimeter firewall is no longer enough – all data and systems must be protected as well.
What you need is a comprehensive security policy – it sounds like common sense, but it also needs to be continuously updated and adapted according to the state of the risk environment. This should include regular patching and updates to all devices, the use of passwords on individual machines, devices and networks, encryption of sensitive data and the proper disposal of old (outdated) information and devices.
While many employees may be using their own devices on your company network, it is also important to have a policy in place that limits access to certain potentially risky websites (such as peer-to-peer download sites), as well as downloading behaviour.
Consider the user
Human error and system glitches remain the leading causes of data loss. Employees may be the weak link in the security chain but they don’t need to be. When drafting security policies consider the impact they will have on the end-user.
Employees need to be educated on the correct usage of passwords, encryption, and updates, as well as the consequences of failing to do so. This applies to new and existing employees. In addition, they should be made aware of social engineering – that is, inadvertently giving away information that can be used to gain access to the network.
BYOD – don’t shy away from making it policy
Bring your own device (BYOD) is happening in the majority of organisations, either as part of a deliberate strategy instituted by the business or on an informal basis. The benefits of BYOD are significant, but the presence of different devices on a company network presents a problem and opens up the security infrastructure to additional risk. Again, employees must be educated on security procedures regarding passwords, usage and patching. A contingency must exist for the loss or theft of devices – including a back-up strategy and remote wiping facility.
How you deal with it
Given the high-profile data breaches that occurred in 2013, it is a safe bet that a data breach of some kind is inevitable. However, how you deal with it can help in limiting its impact and assist in preventing future similar breaches. Don’t ignore it. Rather, have a plan in place to deal with a breach once it has been identified – determining where it happened, why it happened and how it could have been avoided.