Top Ten Ways to Prevent a Costly Data Breach

As companies capture and store more vital business data every day, it becomes more important that organizations take the proper steps to protect their data assets. Whether the cause is human error, technical failure, or natural disaster, backup and disaster recovery solutions are an absolute necessity in 2016. These ten steps are the first that a company looking to get serious about data protection should know:

Business Risk Assessment

Every IT Manager should be required to perform a business risk assessment for each key piece of infrastructure, be it cloud or on-prem, that is responsible for the management, maintenance and/or storage of data. An assessment should define and identify the importance that data repositories play in housing critical data within an organization. The assessment should also define and document the Disaster Contingency and Recovery Plan for his/her area of responsibility. Questions that plan should answer include: What are key business processes? What are the applicable risks to availability? What is our prioritization of recovery?

Employee Education

Businesses should train their employees in security best practices. Raising awareness about the threats that lurk beyond network walls benefits everyone. Training can also reduce the risk of mistakes that typically lead to a data breach. An established policy of data security should be high on a data-driven company’s to-do list.

Monitor Insiders

On top of your in-house auditing, you must audit off site as well. Think of it as an electric fence for sheep or cows: shocking anything that doesn’t have the key to the fence and zapping anything that tries to get out too. OK, enough about sheep! This is serious! The key to successful disaster recovery is to have a plan well before disaster ever strikes. As part of that plan, you must audit the plan by implementing policies that address all parties who have access to your data: security product providers, maintenance people, people who are there to help but weren’t even called?! Especially those guys! Monitoring network traffic can help IT spot unusual behavior or, at the very least, learn what normal network traffic looks like, so that if anything out of the ordinary occurs, they can quickly recognize the outlier.

Secure Computers and Mobile Devices

The first step to securing a company’s devices is to deploy password protection and time-out functionality. It’s also important to keep all regularly used software up to date so that the latest security patches are installed. A business can also decide to add website blockers and filters for unapproved software on their computers for added security.

Keep Current with Security Software Updates

An unpatched system is, by definition, operating with a weak spot just waiting to be exploited by hackers. Admittedly, applying patches takes time and resources, so senior management must provide guidance on allocations and expectations.

Encryption that Secures Data In-flight and At-Rest

Data encryption modules should be FIPS 140-2 certified by the US National Institute of Standards and Technology. Data is encrypted at the source before it leaves the company LAN, so you can be sure that all your data is secure as it travels over public networks and while it is stored in backup repositories.

Anticipate Potential Ransomware Attack

Organizations that protect data with solutions like disaster recovery and proper backup of critical systems can be brought back online and continue to operate, regardless of some unknown individuals and their attempts to hijack your wallet and hold your data hostage. Disaster-Recovery-as-a-Service providers offer businesses protection from the cybersecurity infiltration that’s sweeping the nation.

Apply an Encryption Policy

Companies need to make sure that all of their data, whether it’s at rest or in motion, is encrypted. This includes adding security measures to everything from servers to computers to users’ mobile phones. Encryption is the easiest safeguard against stolen or misused devices.

Test, Retest, for Vulnerabilities

Make sure to test systems on a regular basis. IT departments may not test enough, and some may never test their solution at all! The testing process is invaluable, and as times change, automation and self-testing tools are relieving IT of this duty, allowing them to focus on other high-impact initiatives. Third-party disaster recovery specialists can help with setting up training (including online options) and running tests so that your plan and your people will be ready to go when needed. Many BDR vendors include this training with purchase of their services.

Regular scanning of systems within a company’s network allows vulnerabilities to be recognized before they are exploited. Having a reliable enterprise-class backup solution in place is also very important.

Data security is gaining popularity as organizations begin to understand the importance of protecting data assets. Proactive planning, training, and action can help to ward off would-be threats.

Business Applications Protection

Disk image technology enables consistent backup of running applications. This allows you to back up Exchange, SQL Server, SharePoint and Active Directory data as you work. Granular application data may be restored without taking the systems offline, protecting your business from expensive downtime.

Lauren Cooke
Lauren enjoys researching the latest in cloud computing, investigating the unique ways that users are leveraging technology to better businesses.