An Egalitarian Approach to Data Security

In the digital age, data is one of the most valuable assets in an organization’s possession, but an increase in the prevalence and complexity of cyber-attacks, alongside the migration of data beyond the confines of the traditional data center and onto endpoint devices, has made protecting company information significantly more challenging.

In fact, the scale of this challenge, coupled with the ever-increasing volume of data that organizations collect, could be a significant factor in senior decision makers prioritizing the protection of certain types of data.

For instance, Code42’s recent Ctrl-Z security study found that both business decision makers and IT decision makers view financial and customer information as their highest data protection priority (33% and 31% respectively). 

After all, an organization’s financial information is very sensitive in that if it were disclosed, there would be a very immediate, direct effect on company value and share prices. So naturally, every logical step should be taken to safeguard it.

At the same time, customer data security should be equally important to the enterprise. A high-profile customer data breach can cause irreparable damage to a company’s brand and reputation. This is due to a loss of customer trust and loyalty, which then has a knock-on effect on financial performance as well. Needless to say, this can be business destroying even if financial data is not directly disclosed.

So, how can business and IT leaders implement a comprehensive security strategy that gives equal weighting to looking after all of their data – whether financial, customer or otherwise?

Data spread is unavoidable
Understanding the flow of data across an organization is a prerequisite for deploying comprehensive protection. Looking at financial information, for instance, it would be a mistake to assume that it remains ring-fenced within the finance department itself. 

In an increasingly connected world where employees work from a variety of locations, C-level executives and line-of-business managers may require access to information at any time. As such, financial data is as likely to be found on an endpoint device, such as a CEO’s laptop, as it is in the data center.

Given that 52% of business decision makers admit to using unauthorized applications on their mobile devices, data stored on these platforms could be particularly at risk: just one especially convincing ‘whaling’ email asking for access to a file or folder, or a zero-day ransomware attack, and it could be gone.

Of course, this principle also applies to customer data; the only difference being that the issue is far more widespread. Just think — how many of the departments across your company interact with customers, or at least their information, on a daily basis? My guess would be almost all of them — and this means that customer data is kept almost everywhere across the organization. Consequently, every device in the business must be protected. 

A simple solution for a complex threat
A common mistake when it comes to protecting data, financial or otherwise, is the assumption that devices fitted with anti-virus software are impervious to threats. Whilst anti-virus offers an important first line of defense against cyber-criminals who are looking to steal your data, even the best solutions are not impenetrable. 

Unfortunately, the current climate is such that the evolution of malware strains means it is unfeasible for anti-virus solutions to identify and block all threats, every single time. So, when the worst does happen and financial or customer information is compromised, it is essential that companies are able to identify the infected device and network point of entry as soon as possible.

Endpoint recovery solutions offer this visibility of data flow across the network, equipping businesses for the swiftest possible recovery and allowing them to bounce back quickly. A swift and accurate breach post-mortem will also help to reassure customers that your company is in control under difficult circumstances, and help it maintain compliance with data protection legislation, such as the forthcoming GDPR.

Staying vigilant
Whilst front-end and back-end security solutions can help with data protection and recovery, their effectiveness will always be blunted by a limited understanding of, or careless approach to, data security among employees.

Of course, people are fallible, and some allowance has to be made for human error, especially in the face of sophisticated, targeted spear phishing attempts. These only require a momentary lapse of concentration to have potentially devastating consequences. However, a business should do its utmost to ensure that security remains at the forefront of employees’ minds. 

The development and communication of a comprehensive security policy, along with the utilization of best-in-class supporting software, can go a long way to minimizing the likelihood of a breach. In turn, this minimizes the likelihood of financial loss, reputational damage and, ultimately, a failing business. 
