Surprising Ways to Improve Business Data Security
Today’s business environment presents substantial threats and risks. Here are 5 ways your organization can better protect its systems and data.
Over the course of nearly two decades, the Internet has spawned remarkable advances in business and leveled the playing field for mid-size and middle market manufacturing companies.
But there’s also a downside to being connected. Today’s business environment presents substantial threats and risks—some of which can permanently damage a business. Getting a handle on business data security has never been more important. Here are 5 ways your organization can better protect its systems and data.
“The threat profile has changed completely over the past ten years,” states Jonathan Gossels, president of SystemExperts Corporation, a Sudbury, Massachusetts security consultancy. “In the past, hackers publicly demonstrated their prowess with flashy takedowns. Nowadays, with organized crime and hostile foreign governments in the picture, subtlety and persistence are the goals.” This translates to intrusions but also to social engineering techniques that dupe employees into clicking a bad link, leaving a system infected by malware. “The hacker extracts some economic or strategic advantage over a long time period,” he says.
Until recently, data resided primarily on servers located within the enterprise. Today, data exists on laptops, iPads, iPhones, USB sticks and cloud environments, as well as on systems run by business partners and third parties. “You can’t manage what you don’t understand,” Gossels points out. He suggests systematically assessing risks and prioritizing security investments. It’s critical to take a holistic view of data, including where it resides, how it travels across the network, which applications use it and where it is backed up and stored. A comprehensive security framework, such as ISO 27702, can pay dividends. It encompasses 135 best practices in areas as diverse as access control, physical security, human resources controls and classifying the value of data.
Typically, a number of key security components exist. These include authentication, encryption, firewall protection, endpoint security, web filtering and data loss prevention (DLP). But one of the mistakes that companies make is assembling an unmanageable collection of best-of-class tools rather than an integrated product suite, Gossels notes. Unfortunately, organizations that take this tack often find too many things falling through the digital cracks.
As new and bigger threats have emerged and IT frameworks have become infinitely more complex, security executives have increasingly found themselves unable to keep up. As a result, a growing number of organizations are establishing a more specialized position—typically chief risk officer (CRO) or chief information risk officer (CIRO)—to address intertwined governance and security issues in a more comprehensive, integrated and focused manner.
The risks of data loss and theft continue to grow as mobile tools, cloud computing and social media go mainstream. Organizations must constantly reevaluate policies and redefine the concept of protection. For example, mobile device management (MDM) allows IT to control what’s stored on a device and wipe it if it’s lost or stolen. Some companies are also turning to a big data approach to security to better identify unusual patterns and suspicious events.