Where's Your Data Hiding?

Data, specifically customer data, is the lifeblood of any major organization in the world today. Electronic streams of vital information flow dynamically through company networks daily to their destinations much the same way plasma cells flow through the arteries carrying vital oxygen throughout the body. Similar to the circulatory system in the human body, a corporation can face mortal peril if precious customer data is illegally removed from the environment.
Many companies define and categorize the various types of data they handle to better understand the impact that the loss of such data could have on their business and their brand name. They then take steps to protect that data, whether it be through large fortress walls (firewalls) on their network perimeter, endpoint agents (user workstation software), or a combination of the two. They then monitor these tools hoping that they are catching every bad thing on the network, much like fishermen cast a large net to catch tuna.
The good news is that many of these companies have multiple experts and tools working to secure their data. They may have tools that scan the I.T. infrastructure to ensure proper security controls, they may scan software application code for vulnerabilities, and they may even have data loss protection (DLP) that helps to identify vital data that is not properly secured. These are all great tools, but they are still just tools and NOT a silver bullet. While effective measures, they have many limitations as well. The true security silver bullet of any corporation is YOU! After all, it is each of you who works with the vital data on a daily basis. Only when each employee takes a few proper steps to help secure the company's data, and to keep the organization's critical bloodlines of communication safe, can a company's brand truly be protected.
These simple, yet highly effective steps are:

1. Do NOT store critical highly confidential and confidential data in unprotected areas such as your desktop, email, the cloud, mobile devices, USB drives, shared drives, Microsoft Office documents, or unprotected application fields like the comment or notes fields. Do store electronic data in appropriate ways and on designated protected servers.
2. Do NOT leave printed hard copies (paper) of information on your desk, at the printer, at home, or out in the open. Do store them in a locked and secure environment or filing cabinet.
3. Shred unneeded hard copy documents.
4. Do NOT click on URLs (internet links) and attachments from unknown or suspicious sources.
5. Do report abnormal emails, stolen data, unusual network behavior, and suspected security incidents to the company’s information security team.
6. Do be aware of the physical security of our buildings. Do not allow people you do not know to tailgate you for access to a building, and report anything out of the ordinary to a security guard.
7. If you are in IT, please ensure that the equipment or application code you are responsible for is properly hardened and secured.
8. Do LOCK your workstations, laptops, and mobile devices, but do not leave them in a locked car or trunk.
9. Do use encryption and/or proper file/access permissions when possible.
10. Do beware of shoulder surfers and people listening in on your conversations.
11. Do treat other people’s personal information as if it were your own.

These simple actions will go a long way to secure your company’s data, your own data, and in the end your very job. Information security should be everyone’s responsibility, not just an I.T. problem.


