When you sieve out the data security techno jargon and vendor hyperbole, only a few key goals get distilled …
It is challenging to understand how to keep your data safe and secure from hackers. Whether you are moving your IT assets to the cloud, keeping them on premises, or taking a hybrid approach, data security is a top concern. Not every reader of CybersecAsia is a practicing IT expert, so I have created a list of actions that even non-technologists can take to get started:
1. Simplify the goal
Data security is like most other IT disciplines. It is full of arcane acronyms, complex technologies, and thousands of vendors claiming they can help. All these factors can make it difficult to confidently assess risks and solutions.
Solution: cut through the noise and secure the data.
Simplify your goal into:
- preventing unauthorized users from accessing your data, or
- being able to quickly detect and remove intruders if they do gain access
I have found that these two simple goals resonate with both technologists and business leaders. Filtering every security effort through this lens will get you off to a good start.
2. Find a trusted partner
Wading through countless security risks and potential solutions is a daunting task. Find a trusted security partner to help. There are plenty of boutique firms ready to lend a hand. Some of the larger, enterprise-class security vendors also have credible resources you can tap.
Do not hesitate to leverage your own network to help find experts—your peers likely face the very same challenges. Interview potential partners just as you would an employee—it is a critical role and relationship.
So, how do you know if you have found a good match? If they can both explain your security risks in plain English and show how potential solutions line up with the above goals, it is a pretty good sign.
3. Install only a security solution you understand
The incentives to protect your data are extremely high. You may feel pressured to buy expensive solutions you do not yet understand. Spare yourself the headaches that come from ill-fitting and poorly implemented security solutions. Take the time to fully comprehend:
- The problems they claim to resolve
- How to successfully implement them
- How to measure the solution’s efficacy once it is in place
If you find a trusted partner, this task becomes a little easier.
4. Educate your employees
Employees are often the biggest security risk in an organization. Teach them how to spot phishing and other social engineering attacks. Education is one of the least expensive and most valuable data security measures you can take.
Staying ahead of the hackers requires regularly refreshing employee security awareness training, making security awareness part of your staff training and development, and—ultimately—establishing clear, security-related goals for everyone.
5. Weave security into daily operations
Learn how to read the reports that your security vendors and systems generate. Make sure you know what actions to take based on the information they provide.
Walk around the office and ask your colleagues if they have received any suspicious emails. Ask your trusted partners to teach your employees about some of the current top security threats and how to react to them.
Bottom line—do at least one very visible thing every single day to keep security top of mind in your organization.
6. Identify problems, fix them, and confirm they are fixed
Once a security issue is brought to your attention, never leave it unexamined. Set a great example by taking each one seriously. Even simple issues like phishing emails can balloon into something very damaging if left unremedied. You should only check issues off your to-do list when you know for sure that the risk has been satisfactorily addressed.
7. Have a checklist of these simple best practices
It can be easy to lose sight of data security. You have a million things demanding your attention every day. Tie a string around your finger, put your watch on your other wrist, or better yet, print a checklist and tape it to your office or cube wall.