All the Ways You're Not Protecting Company Data
By Bruce Harmon, Ph.D.
Data Privacy Day is held annually on Jan. 28 to raise awareness and empower people to protect their privacy and control their digital footprint. Colorado Technical University (CTU) is committed to promoting privacy awareness and has partnered with the National Cyber Security Alliance to help spread the word about this important issue. On this blog, CTU faculty share their insights and tips for keeping your digital identity safe.
In most organizations, the Chief Security Officer (CSO) or Chief Information Security Officer (CISO) is responsible for alerting the Chief Information Officer (CIO) and other key executives of potential security risks related to the business’ critical Information Systems (IS) infrastructure and data. Another key responsibility is to mitigate cyber-attacks.
While the steps to protecting company data and infrastructure are complex and unique to every organization, here are five fundamental actions every company must take:
- Strengthen password protocol. Establish a company policy on strong password requirements and enforce it. This may mean requiring frequent password changes and setting a minimum character length for passwords.
- Encrypt sensitive data. While this might introduce complexity and performance degradation, it is essential to prevent the accidental release of sensitive information that can expose your company and its clients to harm.
- Educate staff. All employees, including contractors and vendors, should be apprised of security practices in your company. Internal staff is often the weakest security link in companies. To reduce risk, train employees and periodically test their security knowledge. Make it part of their performance evaluation, keeping documentation of their security knowledge.
- Practice and test. Stress test your IS infrastructure with professional penetration testers who can identify potential vulnerabilities. Without testing and live practice scenarios, you may never know the extent of your vulnerability to attack.
- Establish a redundant IS infrastructure. Creating a mirror image of your healthy, fully operational infrastructure enables business continuity when an unforeseen event strikes. Be sure the mirror is placed off-site in a location that would not normally be subject to destruction by a common event such as an earthquake or hurricane. Maintain synchronization between the sites during operation. Design enough isolation between the systems that a successful cyber-attack on one does not achieve the same result on the other.
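The first item on the list asks for a password policy that is actually enforced. As an added example that is not part of the original post, the Go code below sketches such an enforcement check: it counts characters rather than bytes (so a multi-byte password cannot be over-counted), rejects entries from a common-password denylist, and reports when a password has outlived the policy's maximum age. The `PasswordPolicy` type, `DefaultPolicy`, the denylist entries and the 12-character / 90-day values are all assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
	"unicode/utf8"
)

// PasswordPolicy is a hypothetical policy definition (not from the post).
type PasswordPolicy struct {
	MinLength int             // minimum length counted in characters, not bytes
	MaxAge    time.Duration   // how long a password may stay in use before rotation
	Denylist  map[string]bool // common or previously breached passwords, lower-cased
}

var (
	ErrTooShort = errors.New("password shorter than policy minimum")
	ErrCommon   = errors.New("password appears on the common-password denylist")
)

// Validate checks a candidate password against the length and denylist rules.
func (p PasswordPolicy) Validate(password string) error {
	// RuneCountInString counts characters; len() would count bytes and let a
	// short password made of multi-byte characters pass a length rule.
	if utf8.RuneCountInString(password) < p.MinLength {
		return ErrTooShort
	}
	if p.Denylist[strings.ToLower(password)] {
		return ErrCommon
	}
	return nil
}

// NeedsRotation reports whether a password set at setAt has exceeded MaxAge as of now.
func (p PasswordPolicy) NeedsRotation(setAt, now time.Time) bool {
	return p.MaxAge > 0 && now.Sub(setAt) > p.MaxAge
}

// DefaultPolicy returns assumed example values: 12 characters, 90-day rotation,
// and a tiny constructed denylist standing in for a real breached-password list.
func DefaultPolicy() PasswordPolicy {
	return PasswordPolicy{
		MinLength: 12,
		MaxAge:    90 * 24 * time.Hour,
		Denylist: map[string]bool{
			"password1234": true,
			"123456789012": true,
			"qwertyuiop12": true,
		},
	}
}

func main() {
	p := DefaultPolicy()
	for _, pw := range []string{"Tr0ub4dor&3", "Password1234", "correct horse battery staple"} {
		fmt.Printf("%q -> %v\n", pw, p.Validate(pw))
	}
	setAt := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("rotation due after 100 days:", p.NeedsRotation(setAt, setAt.Add(100*24*time.Hour)))
}
```

The denylist lookup is the piece most worth expanding in practice; a real deployment would load a large breached-password list rather than the three constructed entries here.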
This list is just a primer. It is not a complete list of preventative actions to be taken, but it offers important first steps you should act on immediately to protect your vital business intel.
Image credit: Flickr/mythic_moonlight