Friday 9 October 2015

6 Cybersecurity Best Practices for Companies Looking to Protect Their Data

In my forthcoming book, Swiped, partially excerpted below, I examine some enterprise-level cybersecurity best practices. These are the questions organizations need to ask themselves if they want to protect the data they are sitting on. Some of the considerations:

  1. Does the organization use a standards-based security architecture that is integrated into all technology processes? In plain language, sending personal information via attachment on an email is a “technology process.” This would include both the way data is stored (is it encrypted?) and where it is stored (is it online or offline?), etc.
  2. Does the organization provide employee security awareness? Employees are often the hacker’s first point of attack (think spearphishing, easily deciphered passwords, mindlessly misplaced smartphones and laptops, and improperly secured devices that access your secure systems). Comprehensive training is a must.
  3. Security must be layered. Like very tall, electrified fences and deadbolts on your doors, multiple layers of security can slow down cyberthieves as well as limit what they can access and pilfer in a single attack. Adopt a “minimum necessary access” policy. Allow users (and their devices) only what they need to perform their required tasks. Update access rights in response to personnel or system changes. Never permit multiple employees (or department members) to share a password. Assign each a discrete password, and never let them share passwords.
  4. Your system must be segregated. Segregate financial, security, customer and employee data storage systems from each other as well as from the data used for routine operations management.
  5. Bring Your Own Device? If you allow it, set stringent protocols, including security programs and other precautions.

For the full article click here



from cyber security caucus http://ift.tt/1htJ7tY
via IFTTT
