View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 27, 2014updated 22 Sep 2016 1:14pm

5 tips to prevent data breaches

Andy Aplin, technical director at IT security specialist Accumuli, talks us through five important things companies can do to protect themselves from a data breach.

By Duncan Macrae

In a fast-changing threat landscape organisations are searching for the oneperfect solution that will offer their networks 100% security.

However, the truth is that there is no magic formula to guard a business against a data breach, especially considering the proliferation of trends such as BYOD, the consumerisation of IT and cloud. Add the human element into the equation and there is a lot for IT security staff to consider with threats coming externally, as well as from within the organisation.

Andy Aplin, technical director at IT security specialist Accumuli, talks us through five important things companies can do to protect themselves from a data breach.

Complete Visibility

First off, you need to know where the threats are coming from and be able to identify them as early as possible. This happens when IT security teams have complete visibility over the infrastructure – knowing where the sensitive data is, where the potential weaknesses are, where the threats are coming from and all of this in real-time.

Having an SIEM (security information and event management) platform that correlates information from security technologies and logs activities across the network allows the IT security team to do this and be more proactive in its approach.

Content from our partners
Infosecurity Europe 2024: Rethink the power of infosecurity
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond

It is also crucial to know what devices are on your network – especially difficult with employees using their own devices for work purposes – where they are accessing the network from, and what they are accessing. This helps create and institute a plan that limits access to certain information from specific devices or places on the network.

Do more than just enough

One of the major problems in IT security is complacency – the belief that existing security procedures and policies, or those used in the past are enough. Complacency fails to take into account the evolving threat environment andmistakenly sees threats as static. A perimeter firewall is no longer enough – all data and systems must be protected as well.

What you need is a comprehensive security policy – it sounds like common sense, but it also needs to be continuously updated and adapted according to the state of the risk environment. This should include regular patching and updates to all devices, the use of passwords on individual machines, devices and networks, encryption of sensitive data and the proper disposal of old (outdated) information and devices.

While many employees may be using their own devices on your company network, it is also important to have a policy in place that limits access to certain potentially risky websites (such as peer to peer download sites), as well as downloading behaviour.

Consider the user

Human error and system glitches remain the leading causes of data loss. Employees may be the weak link in the security chain but they don’t need to be. When drafting security policies consider the impact they will have on the end-user.

Employees need to be educated on the correct usage of passwords, encryption, and updates, as well as the consequences of failure to do so. This applies to new and existing employees. In addition, they should be made aware of social engineering – that is, inadvertently giving away information that can be used to gain access to the network.

 

 

 

BYOD – don’t shy away from making it policy

Bring your own device (BYOD) is happening in the majority of organisations either as part of a deliberate strategy instituted by the business or on an informal basis. The benefits of BYOD are significant but the presence of difference devices on a company network presents a problem and opens up the security infrastructure to additional risk. Again, employees must be educated on security procedures regarding passwords, usage and patching.A contingency must exist for the loss or theft of devices – including a back-up strategy and remote wiping facility.

How you deal with it

Given the high profile data breaches that occurred in 2013 it is a safe bet that a data breach of some kind is inevitable. However, how you deal with it can help in limiting its impact and assist in preventing future similar breaches. Don’t ignore it. Rather, have a plan in place to deal with a breach once it has been identified -determining where it happened, why it happened and how it could have been avoided.

 

 

 

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU