- December 20, 2020
- Posted by: guyadmin
- Category: Safety, Privacy & Security
Today the internet is the main tool of the most successful companies of our time. Yet it makes businesses dependent on the success of their data security and exposes them to the danger of sensitive and private data being disseminated.
For all those who want to learn how to deal with this obstacle, 30 data security experts discussed last July some rules that will help you avoid recurring errors when it comes to data security. Here are a few of their conclusions:
- Companies fail to understand the threat of a breach of their data security. As a result, they don’t build a comprehensive, long-lasting and innovative data security plan, and rely instead on false products that are ineffective over time. In addition, companies’ security teams often make decisions without considering their impact on the company’s business goals, and thus create an unprofitable and inefficient plan.
- Companies don’t frequently check where their data is stored and distributed. They need to be cautious about choosing a cloud provider, check its access and security, and make sure the data will not leak. Moreover, companies should encrypt important information, work with strong passwords and avoid reusing them, and be careful not to fall for “phishing attacks”.
- Many companies lack an orderly data protection policy. They need to understand how to classify data, who will get access to it, and how often this access will be checked. The management needs to ensure backups to avoid data loss, work intensively to train employees in security awareness and be constantly prepared for disaster. Another common data security mistake is securing communications at the endpoints (e.g., using SSL, TLS) but not securing the communication between servers at the backend, or failing to use two layers of encryption on notebooks when the data is very sensitive.
- Many companies rely on external security software instead of building an independent one. Sometimes this software includes breaches, and therefore additional protections that comply with the information security regulations need to be put in place. Information security regulatory compliance is a specialty of its own that requires current industry interpretations, compensating control processes, risk-based exceptions, and handling the complexities involved when multiple regulations appear to conflict. Non-compliance with information is one of the leading mistakes that companies make and hence should be avoided, while maintaining a simple and intuitive security process for the customers.
- Companies should work with technologies such as firewalls and pay attention to their security vulnerabilities. At the same time, it must not be forgotten that no technology can completely override human error. Therefore, companies must be prepared to act with skepticism and alertness. Senior management must exercise oversight over breach mitigation with the same level of seriousness with which it regards the company’s financial and product information. Furthermore, because most companies don’t have officials who monitor the critical data on a daily basis and prevent it from being browsed or copied to unauthorized systems, the management needs to find the balance between employees’ need for access to data and the desire to compartmentalize.
- Many organizations tend to cut security testing or the budget for security audits down to only the critical parts. Of course, this approach is better than nothing; however, it certainly reduces the chance of finding dominant vulnerabilities. In addition, the resources that organizations allocate to data security are usually disproportionately weighted and are insufficient to enable protection, prevention, response, and recovery. Therefore, in this field, minimal investment is a concept that can certainly be costly later on.
To sum up, in order to improve data security, companies must be aware of the threat, examine vendors and software (including their vulnerabilities), instill the importance of data security in their employees and invest the necessary budget. Preparedness for incidents, over-caution, industry knowledge, and expertise in this area are also necessary.