Any business that still thinks it doesn’t need to invest in information security needs to take a moment and consider two numbers:
- When a test placed a new server online, it took only 52 seconds before hackers attacked it.
- The average cost of a data breach in the United States is $8.19 million.
Can you afford to lose more than eight million dollars in under a minute? No matter what your business is, it’s at risk, and protecting networks, data, servers, and other corporate IT resources needs to be a priority.
Developing an effective information security strategy is complicated. To get started, focus on critical categories:
Credentials are the keys to the kingdom, so keeping them safe is priority one. This is both a technological and a human factors problem. You can use technology to require strong passwords, to implement two-factor authentication, to limit privileged access, and to leverage role-based access controls, among other methods, to ensure that credentials are assigned, protected, and verified. Users need ongoing training in safe computing to ensure they know how to create and protect passwords, use mobile devices safely, and avoid falling for phishing emails.
While some hackers are intent on destruction, most are after data. Make sure data is protected both at rest and in transit through strong encryption. In addition, protect your data from ransomware by implementing a reliable backup and recovery process. You can also consider using tools such as data loss prevention software and cloud access security brokers to stop data from sneaking outside your corporate network.
Servers are most often vulnerable because they’re using out-of-date software that hasn’t been patched. For security reasons, it’s important to use supported software and to apply all vendor patches as soon as possible after they’re released.
The network is where intruders find the front door to your systems. Firewalls and other tools help keep hackers out. Other tools, like data loss prevention software, help keep important data in. Your internal network design is also an important security measure; proper segmentation and use of internal firewalls can keep intruders who make it inside your perimeter from accessing the most sensitive data.
More and more company IT resources reside outside the corporate walls and in the cloud. Keeping data in the cloud secure requires action by the cloud provider and also by the data owner. Improper cloud configurations can accidentally make data publicly accessible. Consider using a cloud access security broker as an additional control over access to data in the cloud.