In this video, we will explore a few key things an organization can do to protect its data.
Passwords and authentication.
A very simple but often overlooked tactic that can help your company's security is password security. It is very easy for malicious actors to guess commonly used passwords in the hope of gaining access to your accounts. In short, the word "password" is never a good idea. Using simple passwords or having recognizable password patterns for employees can make it simple for cyber criminals to access a large range of accounts.
One study found that 59% of end users use the same password for every account. This means that if one account is compromised, a hacker can use this password on work and social media accounts to gain access to all of the user's information on these different accounts. Once this information is stolen, it could be made public or sold for profit on the deep web.
Implementing randomized passwords can make it much more difficult for malicious actors to gain access to your accounts. Other steps such as two-factor authentication provide extra layers of security that protect the integrity of the account.
Data encryption.
Data encryption is probably the most well-known data security technique. Data encryption applies a code to every individual piece of data and will not grant access to that encrypted data unless an authorized key is provided.
Encryption is a powerful tool for your organization's data security arsenal that can help your company secure data both from malicious outsiders and careless or accident-prone employees. It's also considered an important step toward compliance with various data laws and can be used to safeguard stored and transmitted data.
If a device is lost, stolen, or forgotten, encryption renders the data stored on it unobtainable to anyone who tries to access it without a decryption key. Hard drive encryption is also available and is included in the most popular operating systems, for example, BitLocker in Windows and FileVault in macOS. By encrypting corporate computers' hard drives, you can ensure that no matter how a device is accessed, outsiders cannot gain access to data stored on it without a decryption key.
VPN usage.
One highly effective form of encryption is adopting the use of a virtual private network, or VPN. It's one of the simpler ways to make sure your data doesn't end up in the wrong hands. VPNs protect data from attackers who try to intercept network communications and get access to that data. This is considered to be an easy and cost-effective method for creating a secure connection. It also adds a protective encryption layer for all data that is moving between your company's core systems and employees' devices, as the transmitted data is encrypted and the IP address and location of the sender are hidden.
Data masking is a practice similar to encryption and is also referred to as data obfuscation, data anonymization, or pseudonymization. Data masking is the process of replacing confidential data with fictitious data such as random letters, numbers, or special characters. The main purpose of data masking is to protect sensitive, private information in situations where the enterprise shares data with third parties. Masking specific areas of data can protect it from disclosure to external sources and also to internal personnel who could potentially use the data for harm. For example, the first 12 digits of a credit card number may be masked within a database.
Data resilience.
Data resilience describes the ability of an organization to recover data in the event it is stolen or compromised. This can be done by creating backup copies of data. Organizations can recover data should it be erased or corrupted accidentally, or stolen during a data breach.
A good example of data resilience in everyday life is backing up the data on your iPhone to iCloud. In the event you lose your phone or it's stolen, you're still able to have your pictures, contacts, and personal information, which can then be loaded onto your new device.
Data erasure.
Data erasure, though not as common, is another important step toward implementing robust data security strategies. There are times when data that is no longer active, or a user, needs to be erased from all systems. For example, a customer may request that their name be removed from your system, or the data is no longer needed for the original intended purpose. It is best practice to purge this data from your system rather than holding onto it. This minimizes risk and is also a requirement for many international data security laws.
DLP solution deployment.
Another helpful tool to incorporate into your organization's data security strategy is a data loss prevention (DLP) solution. A DLP software solution protects confidential data directly, regardless of whether the data is being stored or being transmitted. It's helpful because it allows you to discover and monitor confidential data, such as protected health information (PHI) or personally identifiable information (PII), and prevents unauthorized disclosure of that data.
A DLP solution will help you mitigate risks that originate within your organization and reduce the risk of data breaches, especially those caused by human error. Data loss prevention solutions can prevent sensitive data from being transmitted by users deliberately or accidentally from their devices, limit or block the use of USB and peripheral ports, as well as reduce malware infections through USBs and data leakage in general. Utilizing a strong DLP is a great step toward managing a variety of compliance laws and takes some of the headache out of keeping up with some of the requirements of this legislation.
This concludes this section of Accountable security awareness training. You must answer the following questions to move on to the next section.