As the threat landscape continues to evolve, more companies are accepting the fact that most security incidents are, whether directly or indirectly, caused by their own employees. As such, the traditional moat-castle approach to preventing unauthorized access to critical resources is not as effective as it once was. Of course, firewalls and robust physical security measures are still necessary, but a more data/user-centric approach is required.
Top 10 Data Security Measures for Organizations
Below are ten of the most important security measures that organizations need to focus on in order to keep their systems secure.
1. Data Classification
In order to protect your critical assets, you need to know exactly where they are. Data classification software will automatically scan your repositories, both on-premise and cloud-based, and classify sensitive data as it is found. Some solutions allow you to select a pre-defined classification taxonomy, which allows you to classify certain types of data, such as payment card information (PCI), or protected health information (PHI).
2. Strict Access Controls
Given that privileged account misuse is one of the leading causes of data breaches, it is imperative that you restrict access to critical systems, accounts, and data, in accordance with the Principal of Least Privilege (PoLP). In other words, users should only be granted access to the assets they need to perform their role, and access should be revoked when it is no longer required. It is generally considered to be a good idea to use multi-factor authentication whenever possible.
3. Monitoring Privileged Account Access
You must ensure that you carefully monitor all access to privileged accounts, and receive real-time alerts when they are accessed in a way that is deemed suspicious. Examples of suspicious events include;
- A user accessing a privileged account outside of office hours;
- A user accessing an inactive or shared user account;
- A user accessing the network from an unrecognized location or device;
- A user accessing data they don’t normally access;
- A user repeatedly enters the wrong credentials to access their account.
4. Encrypting Sensitive Data
All sensitive data should be encrypted, both at rest and in transit. The use of encryption is one of the simplest and most effective ways of preventing unauthorized access to sensitive data, yet it is still one of the most overlooked.
5. Security Awareness training
Since a large number of security incidents are caused by negligent insiders, security awareness training is crucially important. Employees must understand the importance of good password hygiene and must be trained to identify suspicious email/SMS messages, as well as phone calls. They will need to check for email messages that are sent from public email domains, messages with poor spelling and grammar, and messages that create a sense of urgency. Employees should never download attachments from unknown senders or click on links to untrusted websites.
6. Network Segregation and Segmentation
Network segregation is where critical networks are isolated from public access, whereas network segmentation is where a network is divided into smaller sub-networks. Both network segregation and segmentation play an important role in establishing a zero-trust architecture, which assumes that all users are potentially malicious, and should thus verify their identity anytime they need access to critical resources.
7. Cloud Security
Cloud security is a broad term that involves a wide range of security measures, ranging from implementing robust access controls to encrypting sensitive data, and carefully reviewing all security settings and agreements associated with your cloud service provider. You must ensure that your chosen security solutions are able to discover, classify and monitor all sensitive data stored in the cloud.
8. Application Security
It is common for web applications to contain vulnerabilities, hence why we need to install updates/patches. Broken access control methods, cryptographic failures, and security misconfiguration are among some of the vulnerabilities that exist in modern applications. One of the most common types of application security threats is insecure web forms, which will expose the application to SQL injection attacks. If the application developer fails to properly sanitize the web form inputs, attackers can inject code into them that queries the underlying database. In some cases, the attacker is able to extract large amounts of valuable data using this approach.
9. Patch Management
All systems and applications must be patched in a timely manner. If your company uses lots of proprietary software, it’s generally a good idea to use an automated patch management solution to ensure that you don’t miss anything.
10. Physical Security
While not as relevant as it once was, it is still crucially important that your server rooms and workstations are properly secured using locks, alarms, ID badges, CCTV cameras, and any other methods that will prevent unauthorized access.