Image via Unsplash
More than three quarters (77%) of IT decision makers across the U.S. and Canada believe their companies are likely to face a data breach within the next three years according to a survey of 882 IT professionals across North America, released recently by Adastra and conducted by Forum Research in December 2022.
Survey respondents ranked data security as the biggest game changer in 2023 as companies continue to bolster their cybersecurity preparedness. Sixty-eight percent of managers say their companies have a cybersecurity division and a further 18% report they are in the process of creating one. Only 6% of respondents reported having no cybersecurity division.
In response to the survey, security professionals from Adastra share tips for bolstering cybersecurity and data security for workplaces.
Unauthorized disclosure of data isn’t always the result of malicious actors. Often, data is accidentally overshared or lost by employees. Keep employees informed with cybersecurity education. Employees who go through regular phishing tests may be less likely to engage with malicious actors over email or text messaging.
Taking inventory of software, hardware and data assets is essential. Having control over the assets with access to the corporate environment starts with an inventory. Inventories can be a part of the overall vulnerability management program to keep all assets up to date, including operating systems and software.
Furthermore, a data inventory or catalogue identifies sensitive data, which allows appropriate security controls like encryption, access restrictions and monitoring to be placed on the most important data.
Reducing the overall data footprint can be an effective way of reducing risk. Data that resides in multiple locations may not have equal protection in each environment. Understanding what data is required and what can be archived helps keep control over data assets.
Detecting anomalies and suspicious activities can resolve issues before they become a breach. Today’s extended detection and response (XDR) and endpoint detection and response (EDR) systems include automated responses to common attacks. For example, suppose an employee downloads a malicious email attachment. In that case, the EDR system can prevent the execution of the malware hidden inside and alert security staff.
These detection systems can be monitored by internal cybersecurity staff or monitored by third-party security companies.
Having a robust, immutable data backup plan can help an organization quickly recover from an incident. The frequency of the data backup depends on the risk the organization is willing to take. “Can the organization afford to lose a week’s worth of data or a day’s worth of data?”
Employing the least privilege principle reduces overall risk by allowing only access to data and services required to perform specific duties. Establishing processes for provisioning and de-provisioning user access with approvals, audit trails, reports and regular attestations can limit what an attacker may be able to access in the event of compromised credentials. It’s not uncommon for end users to have unrestricted administrative access to their endpoint laptops. This allows users to install unauthorized software or be more easily targeted for malware attacks.
An outside assessment of an organization’s security posture, based on established cyber security frameworks such as NIST or CIS, can provide a clearer picture of strengths and weaknesses and a roadmap to address the greatest vulnerabilities.
Traditionally users are authenticated by one of three ways:
Adding a second factor to the ubiquitous password authentication adds another layer of security for access.
Most data breaches occur because a known vulnerability was exploited. Establishing a vulnerability management program that regularly scans software assets and applies patches is one of the most crucial security activities a company can perform.
As employees return to the office, there will be employees who are coming to the office for the first time. Reinforcing clean desk policies and reviewing physical access controls, including access to secure areas, may be required to ensure assets are not stolen or lost.
Work-from-home employees who have company assets should be routinely educated on keeping those assets secure while at home as they would in the office.
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.
Let’s examine a sad reality: Workplace violence is not going away. How can this data be leveraged to help ensure the safety of your employees, patients, and guests?
Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.
Copyright ©2023. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing