In our previous blog, we looked at some of the recent changes to the regulatory landscape. Getting out from between a rock and a rock and a hard place starts with implementing best practices that reduce the risk of exposing sensitive data to cyberattacks.
Six Best Practices You Can Take to Protect Your Data
With that in mind, let’s look at six best practices that your organization can quickly take to protect its data and (of course) the data of your clients as well. While data protection is an organization wide initiative, there are some best practices your organization can quickly implement to significantly bolster protection of your (and your clients’) sensitive data.
Keep Your Software Up to Date
One of the most common ways that hackers can access your sensitive data is through vulnerabilities that are identified. Those vulnerabilities can occur at any layer of software – from the operating system to the applications your organization uses. And they can be discovered by anybody, including hackers.
One example from last December was the Log4Shell zero-day vulnerability (which had been unnoticed since 2013 until it was discovered) identified in Log4j, which is a Java-based logging utility that is literally found in millions of servers across the world. The patch was issued without much fanfare and many companies were able to apply it before attackers could exploit the vulnerability in their environments. At least one company, however, was hacked within the mere four-day window before they could apply the patch. It’s important to keep your software up to date and apply any security patches quickly to minimize exposure.
Disable or Remove Unnecessary OS Services
Most operating systems have certain “out of the box” settings that may need to be adjusted to enhance security. In Windows, for example, removing services that are not required, like Telnet and FTP (which are clear-text protocols) and disabling LAN Manager authentication can reduce potential vulnerabilities. For Linux, disabling unnecessary services and ports, trust authentication used by the ‘‘r commands’’ and unnecessary setuid and setgid programs also eliminate some vulnerabilities within the operating system.
Protect the Endpoints
Endpoint workstations and servers are often the route into your data by hackers, so it’s important to maximize protection to protect those endpoints. Antivirus software must be installed and kept current on all servers and workstations – it’s your most critical line of defense! That includes anti-spyware and anti-adware tools as well – often, they are bundled together today.
Personal firewalls and Host-based Intrusion detection systems (IDSs) can also provide additional protection. It only takes one vulnerable endpoint to put your data at risk.
Perform Cybersecurity Penetration Tests
Penetration testing is the testing of a computer system, network or web application to identify security vulnerabilities that could be exploited. Penetration testing can either be automated or performed manually and is typically conducted by a security company with experience in identifying security weaknesses. Conducting a penetration test periodically can enable you to find vulnerabilities before hackers do.
Establish Policies for Departing Employees and Third Parties
Your organization’s data isn’t just vulnerable from outside hackers – it’s often the insiders who can do the most damage. In a recent survey, 83% of respondents continued accessing accounts from their previous employer after leaving the company and 56% of respondents said they had used their continued digital access to harm their former employer! In one example, a fired HR executive deleted 17,000 resumes after she was fired!
When employees (or even third-party contractors) leave, there must be strong policies for eliminating their access to all systems and confirming that all access has been cut off.
Implement Multi-Factor Authentication Everywhere Possible
Implementing two-factor (2FA) or multi-factor authentication to require at least a second form of authentication for access may be the most important best practice of all. According to Microsoft, your accounts are 99.9% less likely to be compromised when using MFA. If a hacker is able to get your password to a system, but doesn’t have your cell phone to accept the authentication code, it doesn’t do them much good, does it?
These six best practices can significantly reduce the risk of exposing sensitive data to cyberattacks and it’s important to work with experienced professionals who can help you implement these mechanisms.
However, there is more to data protection than just these best practices. A comprehensive data protection program also encompasses best practices for identifying, securing, and minimizing sensitive data as well. It also encompasses a thorough program that includes comprehensive documentation and rigorous training of employees and contractors. Next time, we will look at those programs to take data protection to another level!
For more regarding our security, privacy, and compliance capabilities, click here.