How many businesses have a data security strategy? My guess would be not many. Why? Because not many people really understand how to protect their data against the three main data security risks:
1. Outsider – Malicious threat where someone will try to attack your business, normally to steal data for monetary gain.
2. Insider – The disgruntled employee stealing company information to either give to or take to a competitor.
3. Accidental – Internal IT user who does something unintentionally.
Of the three, the accidental threat is by far the most common/dangerous. We are finding that almost daily, a careless employee is losing information over the web or by email channels. The end user will typically have no idea of what they have done or how much damage they have caused.
To protect your data, you need to have a data security strategy. The first thing you need to understand is what types of data you hold and where this data is stored. GDPR has made companies more aware of this issue, but they still have a long way to go. Data, as we all know, is growing exponentially and everything is now digitally stored.
Types of Data:
· Personal Information
· Financial Information
· Health Care/Personnel records
· Intellectual Property
· General business data and much more; this will depend on your industry.
Data Loss Prevention
Now you know what types of data you need to protect – how do you do it?
Your data security strategy must be made up of four components and without each area covered, you will have a hole in your security. This means you are vulnerable, and as we all now know, with GDPR, this means a fine!
1. Regulatory Compliance – Industry regulations and national data protection legislation (GDPR).
2. IP Protection – Mitigating the three main security areas – Outsider, Insider and Accidental.
3. Cybersecurity – Where your data is stored, Inbound and Outbound defences and encryption.
4. Business Enablement – Identifying the data flow within your business, adopting cloud technologies and improved management.
The secret to an effective data security strategy is to get everything right, without impacting on the daily effectiveness of the business.
Next Generation Approach to a Data Security Strategy
With data growth, an increased threat landscape and new legislation, you must take data security more seriously. And act smarter.
There are a number of new processes/procedures you can now add to your data security strategy.
Contextually aware data security – Who, what, where and how. Then have a course of action, which could be one of the following: audit, block, notify, remove, encrypt, quarantine or confirm. By doing this you reduce false positive alerts and, more importantly, keep your business moving.
Identify and classify your data more easily – To do this we can use techniques such as keywords, regular expressions, machine learning, behavioural analytics and fingerprinting.
Meet regulatory compliance – You can now do this with easily defined templates that can be industry or regulatory specific.
Stop the insider threat – Behaviour analytics can identify when someone does something that is not normal and take a specific action depending on what the user is trying to do. This can be email, removable media, printing or uploading to the cloud. You will also get alerts if someone is accessing things on your network that they shouldn’t, or is accessing data out of hours. One way of sending confidential data from your network is to hide it in a picture as metadata. You can now use OCR (Optical Character Recognition) to identify the text in a picture document.
Alerting – One of the main problems on a computer network is knowing what users are doing at any time. Most network administrators can monitor the flow of network traffic but are unable to identify what that traffic is. GDPR states that you must report a data breach within 72 hours of finding that breach. The hard part of that is knowing you have been breached in the first place. With Data Loss Prevention (DLP) software you can be alerted to a possible breach and stop it before it leaves your network.
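The contextual policy (who, what, where, how) and the keyword and regular-expression classification described above, as an added Python example that is not from the original article or from any vendor product. The domain, user names, keywords and sample text are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed rules: one regular expression and a few keywords (assumptions).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
KEYWORDS = {"confidential": "Intellectual Property",
            "diagnosis": "Health Care/Personnel records"}
INTERNAL_DOMAINS = {"example.com"}  # hypothetical company domain
FINANCE_USERS = {"fatima"}          # hypothetical staff cleared to send card data

def luhn_ok(digits: str) -> bool:
    """Payment-card checksum; rejects digit runs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> set:
    """What: label content by validated regex matches and by keywords."""
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("Financial Information")
    lowered = text.lower()
    labels.update(lbl for kw, lbl in KEYWORDS.items() if kw in lowered)
    return labels

@dataclass
class Event:
    user: str         # who
    text: str         # what
    destination: str  # where (recipient domain or device)
    channel: str      # how: email, web, removable_media, print

def decide(ev: Event) -> str:
    """Map who/what/where/how to one of the actions the article lists."""
    labels = classify(ev.text)
    if not labels or ev.destination in INTERNAL_DOMAINS:
        return "audit"      # nothing sensitive, or the data stays inside
    if ev.channel == "removable_media":
        return "encrypt"    # allow the copy but protect it at rest
    if "Financial Information" in labels:
        # who matters: cleared staff raise an alert, everyone else is stopped
        return "notify" if ev.user in FINANCE_USERS else "block"
    return "confirm"        # ask the user to confirm, keeps work moving
```

The Luhn check is what cuts false positives here: a 16-digit order reference that fails the checksum is never labelled as card data, so it is only audited.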
What does it all mean?
If you want to ensure your business is cyber-aware, you need to do more than the traditional firewall and anti-virus. You must take a data-centric approach to cybersecurity.
With a data-centric approach, you are now employing many different techniques such as – behavioural analytics, destination awareness, OCR, contextual awareness, encryption, security alerting, compliance wizards, fingerprinting and data discovery. Only when you have all this working in harmony and protecting your business against web and email attacks can you be secure in the knowledge that you have in place a data security strategy.
You can spend many thousands of pounds on technology. However, a good place to start costs very little – train your staff, make sure they are cybersecurity aware and know what to do if something suspicious appears on screen or in an email.
Unleashed work with several partners and vendors to provide a total security solution. For a data-centric approach, we partner with Forcepoint.
For a more detailed chat about your requirements, you can reach out to Unleashed and speak to a cybersecurity expert. Call today on 0333 240 06565 or visit our website.