Security breaches are disruptive to my business. According to the Ponemon Institute’s Cost of Data Breach Study, the average cost of a security breach in 2015 was $4 million–up from $3.8 million in 2014–so every business needs to take data security seriously.
While there are lots of steps you can take, I talk with my clients about these three best practices.
Data is most vulnerable to attack when it’s being moved.
I recommend implementing SSL/TLS protocols. They protect client data as it moves across multiple locations—for instance, to cloud-based archives or off-site servers.
Secure Sockets Layer (SSL) provides a secure connection between two endpoints across three factors:
Transport Layer Security (TLS), an update to SSL, standardizes private digital communications. TLS works on two levels:
I protect my business’ data by controlling access to it. Cloud hosting service providers offer system administrators tools to ensure that employees have access to the business intelligence data they need to do their job, and nothing more.
Controlled access leads into some common sense follow-ups.
First, I encourage clients to limit the number of administrators in their system. That level of access is unnecessary for most employees to perform their duties.
Second, many clients have overly permissive firewall rules that have no business justification, which create easily correctable vulnerabilities.
Finally, I recommend my clients segment their network, thereby limiting attackers’ ability to move laterally through the system. Segmenting your network makes it harder for infiltrators to access sensitive data but requires an in-depth understanding of where your critical data is stored.
My company’s greatest security flaw was around company culture. My employees were often unaware they were exposing customers to security risks. They took actions because they were faster, or easier, or because they knew nobody outside of IT would notice.
When I see employee inattention as a security flaw, I coach my clients to develop a strong company culture around data security. By making it about protecting the business by protecting the client, I’ve achieved strong buy-in.
A strong data security culture means I educate my clients around the data life cycle:
These help me explain to employees, clients, and prospects how they can best protect the business intelligence data that needs to be protected when and where it needs to be protected.
Tier One Technology Partners is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (443) 589- or send us an email at email@example.com for more information.
I am still extremely pleased that Tier One continues to provide first class level of support. I am writing this because it is rare that a company and its individuals not only achieve but maintain excellence.