Is your company’s data protection strategy sufficient for the realities of modern Internet communications? Data protection is of increasing concern to any business which keeps any secured or non-private information on themselves or their customers. For one thing, according to a recent Verizon survey, unwanted data intrusions were at an all-time high in 2011-2012, with numerous high-profile attacks on companies like Amazon and Sony’s Playstation Network.
Further, as it turns out, 97% of those intrusions were avoidable. These weren’t perpetrated by “inside men.” They were accomplished by outside hackers exploiting security flaws.
On top of that, there is an ever-increasing array of data protection strategy standards your business is expected to adhere to. These come from both governmental regulations, such as the Sarbanes-Oxley (SOX) law, and from private sources such as the Payment Card Industry Data Security Standard (PCIDSS).
Your company needs a comprehensive data protection strategy. Here are five best practices to help ensure you have one:
Five Best Practices For Data Protection
I. Have official standards: First of all, you need an official written copy of your data protection strategy. It should have well-documented and unambiguous specific policies as well as corrective methods for dealing with security flaws as they are discovered.
II. Employee training: Fundamentally, most security problems are due to user error. Your network admins should be rigorously trained in proper data retention standards, and your workforce at large should be trained on handling of non-public information.
III. Security measures centered around restriction of access: No one should have access to secure files unless they need it. The default should always be to block access when in doubt as to a user’s authenticity.
IV. Robust monitoring and reporting: Security policies should be routinely tested and probed to verify their efficacy. All network activity needs to be logged, preferably including a read-only copy that even administrators cannot alter. Robust reporting will help you detect any potential intrusions early.
V. Offsite backup: Moving your files onto secure servers offsite, such as through Cloud storage solutions, can ensure you have a reliable copy of your data to restore from or compare against if a security issue did arise.
A robust data protection strategy isn’t optional today; it’s mandatory. You should be constantly reviewing your data protection and retention policies to ensure they are protecting vital data and warding off intruders. Clear policies and good monitoring will ensure your success.