Mitigating the Risk of an Inevitable Data Breach

Data breaches are increasing at an alarming rate, both in frequency and sophistication. Think you’re immune? Guess again. Data breaches aren’t a question of “if,” but rather “when.” If you’re concerned about your organization’s operations, financial health, customer loyalty or brand, then you need to be proactive in defending against a data breach. There are a number of best practices organizations can adopt to ensure their data and content do not fall into the wrong hands.

Encryption keys: The ongoing debate between Apple and the FBI over encryption demonstrates how effective encryption can be in preserving customer data. If your business transfers or stores your customers’ personally identifiable information (PII), it’s very likely those customers want you to ensure their PII remains private. As a result, make sure your IT systems and devices encrypt PII and other confidential data both in transit and at rest. An encryption solution that complies with rigorous standards such as FIPS 140-2 is advised. Similarly, ensure your organization or your customer maintains control of their encryption keys. Allowing third-party public cloud storage providers access to manage your encryption keys creates vulnerabilities that are best avoided.

Private clouds: Private cloud hosted deployments give organizations the opportunity to leverage cloud computing infrastructure and resources while ensuring that data is not commingled. Specifically, a private cloud infrastructure enables organizations to keep servers, storage, application services, metadata, and authentication within the firewall to guarantee and control data residency. This is critical because privacy laws such as the EU Data Privacy Directive set strict limitations on how organizations collect, use, store, and transfer the personal data of employees and customers.

Eliminate Shadow IT: In a BYOD-enabled workforce, Shadow IT (products and services used by employees without the knowledge or approval of the IT department) is everywhere. Whether it’s business productivity, social media, file sharing, storage, or backup, these apps are typically designed and developed to be convenient rather than secure. As a result, it’s not uncommon for these apps to be infected with malware that is capable of accessing information stored within mission-critical applications. Thankfully, there are precautions organizations can take to protect the increasing amount of sensitive data that resides on a mobile device. For starters, employees should regularly update apps when newer versions are made available. IT departments can also establish and enforce a mobile app whitelist to manage which apps are approved (read: safe) for employees to download.

Once again, data breaches aren’t a question of “if,” but rather “when.” Nevertheless, by taking a proactive approach to IT security that includes these best practices, supplemented with cybersecurity training that keeps employees aware of threats like phishing scams, organizations can largely mitigate the risk of a data breach.
