Cybersecurity Overview: Data Security Best Practices

Data security is a moving target: Cybercriminals get more advanced each day, and an organization cannot possibly defend itself all on its own. Cybersecurity requires an ecosystem of constantly working vendors, service providers, consulting firms, and more.

Applying best practices will deliver better insights when evaluating your organization’s data security ecosystem. Here are six best practices to build into your cybersecurity efforts:

Best Practice #1: Thoroughly Evaluate Your Risk

To understand your cybersecurity needs, you must understand the nature and extent of your risk. A thorough risk assessment will help your organization prioritize your security measures and develop a strategy that best serves your business. Any organization with an Internet-connected system is at risk for a cyber breach. Data security is an essential part of Information Technology. It protects data from corruption while applying digital privacy measures to prevent unauthorized access to computers, databases, websites, and other electronic properties.

Before implementing any data security solution, the crucial first step is to conduct an in-depth analysis of organizational data, storage methods, and business-specific security concerns – your cybersecurity maturity level. A vendor-neutral consulting organization can help you objectively assess your organization’s cybersecurity risk and tailor your data security plan accordingly.

Best Practice #2: Educate Employees Early and Often

Informed employees are the first line of defense. Employees must be educated so that they are knowledgeable about ways that outsiders can gain access to sensitive organizational information.

Threats most often come from well-meaning employees who inadvertently help perpetrators by providing them with access to your system. Employees should never enter personal or company information in response to an email, webpage pop-up, or other forms of communication they did not initiate. Phishing techniques such as spam emails and phone calls are used to find out information about employees, obtain their credentials, or infect company systems with malware. Employee password policies that mandate strong passwords and require them to change every 60-90 days help combat phishing attempts.

Data security protocols will evolve over time as cybercriminals adapt to measures already in place. It is vital to educate employees and have them sign a document attesting to their awareness and understanding of the policies in place and knowledge of repercussions for not following procedures. Employees need to be kept informed of the policies and remain accountable for doing their part in protecting the organization.

Best Practice #3: Rigorously Apply Access Policies

Because users play such a pivotal role in data security, organizations must develop comprehensive access policies to protect working and stored data from unauthorized use. Business is at risk of disruption, data loss, or monetary loss if an organization does not have a cybersecurity strategy. Storage and backup policies need to be developed to ensure that the data can be recovered. Access controls restrict information based on the principle of least privilege: users should only have access to essential data needed to perform their job. Access controls can be physical, technical, or administrative.

Security needs to be considered for both working and stored data. Sensitive information should not be stored on computers connected to the Internet. Cloud-based solutions must have security built in to protect data and access – organizations should not assume that any third-party cloud solution automatically includes adequate access controls. Access to server rooms should be restricted, and only trusted individuals permitted to troubleshoot computer problems. Confidential data should not be sent via email or File Transfer Protocol (FTP) unless sufficient data encryption is employed. Network access controls should be set on wired and wireless networks to ensure that anyone accessing the network has the correct authorization to do so.

Finally, all employee devices accessing the organization’s network must be password protected. Password best practices state that employees should use passwords containing upper- and lowercase letters, numbers, and symbols. Organizations should also require that employee passwords be changed every 60 to 90 days.

Best Practice #4: Implement a Layered Protection Approach

Implementing multiple layers of security mitigates the risk of a single point of failure in the IT infrastructure and its control measures.

Sensitive data sits at the innermost layer, which must be protected. Adding different kinds of protection at the data layer and at each outer layer makes the work of intruders harder. Properly configured detection and alerting systems at each layer increase the likelihood that response actions thwart intrusion attempts.

Listed below are the approaches that are associated with layered security:

  • Data Encryption – Used to deter malicious access to sensitive data, encryption ensures that information is encoded so that it can be read only by a user holding the correct key. Critical business data should be encrypted both at rest and in transit, whether on portable devices or over the network. Again, organizations cannot assume that their cloud provider automatically supplies an encryption service. In general, encryption is the customer’s responsibility; encryption increases the cloud provider’s costs, so most do not include encryption or offer only partial encryption. Organizations using a cloud-based storage service are advised to pay for an end-to-end encryption service or to encrypt the data on-premises before uploading it to the cloud.
  • Firewalls and Proxy Servers – Helping to prevent data escape via malware or hackers, firewalls are the first line of defense in a network because they isolate one network from another. Firewalls include hardware and software solutions and inspect network traffic, allowing or blocking it according to policy. Similarly, proxy servers act as intermediaries for requests from client software seeking resources from other servers. Proxy servers restrict Internet access to sensitive data by evaluating each request and then allowing or denying it.
  • Data Redundancy – Solutions that protect against data loss by storing information in multiple physical or virtual locations. These include:
    • Redundant Array of Independent Disks (RAID), which allows your servers to use more than one hard drive;
    • Clustering (connecting multiple computers to work together as a single server); and
    • Load balancing (splitting or mirroring the workload across multiple computers).
  • Multi-Factor Authentication (MFA) – One of the most common methods of practicing data security is authentication. MFA is a critical component of Identity and Access Management (IAM) involving additional credentials such as a security code from the user’s smartphone, an answer to a secret question, facial recognition, fingerprint scanning, and others.
  • Endpoint Security Systems – In today’s environment, with increased use of mobile devices, a network’s endpoints are expanding and more nebulous than ever before. At a minimum, organizations should employ the following technologies to combat data breaches:
    • Antivirus software
    • Antispyware
    • Pop-up blockers
    • Host-based firewalls (to prevent attacks that originate within a private network)
    • Host-based intrusion detection systems (IDSs) (to monitor system state and identify system files that are unexpectedly modified).

Best Practice #5: Regularly Test Your Backup and Restore Procedures

Unfortunately, no organization is immune to data breaches. Acting quickly is critical in minimizing damages. A proactive approach that includes a data breach response team will help ensure that these attacks are dealt with swiftly and effectively. The response team should establish a thorough data breach plan. This plan specifies the workflow and chain of command to follow during a data protection breach and who is responsible for each aspect of the response. A disaster recovery plan should also be created to outline scenarios for quickly resuming work and minimizing interruptions after a data breach.

One of the most critical data management tasks is keeping backups of data. Recovery could be slow, costly, or even impossible if data is lost. The 3-2-1 backup rule should be followed: keep three (3) copies of your data, stored on two (2) different media types, with one (1) copy kept offsite. The offsite copy should be stored in a geographically different location from the main servers so that disasters such as acts of nature or accidents cannot destroy the organization’s core data along with its backups.

Most importantly, no matter which strategy you choose, you should periodically test the backup and restore procedures. Are your plans still adequate to your needs? Have you adjusted course to respond to changing threats? Is your team up to the task of maintaining your data integrity? If the answer to any of these is no, it may be time to seek additional support.
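To make the testing step concrete, here is an added example in Python (not code from the original post or the Momentum white paper) that checks a constructed backup inventory against the 3-2-1 rule and runs a restore drill: it backs up sample files, restores them elsewhere, and verifies every file by SHA-256 so that a silently corrupted restore is caught during the test rather than during an incident. The inventory dictionary format, file names and contents are assumptions.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_tree(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_321(copies: list) -> list:
    """Violations of the 3-2-1 rule for an inventory of copies.
    Each copy is a dict like {"media": "disk", "offsite": False} (constructed format)."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than two media types")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    return problems

def backup(source: Path, archive: Path) -> None:
    """Write a gzip tar of source, storing paths relative to source."""
    with tarfile.open(archive, "w:gz") as tf:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                tf.add(p, arcname=str(p.relative_to(source)))

def restore(archive: Path, dest: Path) -> None:
    """Extract the archive; the 'data' filter (where available) rejects path traversal."""
    with tarfile.open(archive, "r:gz") as tf:
        tf.extractall(dest, **({"filter": "data"} if hasattr(tarfile, "data_filter") else {}))

def compare_trees(source: Path, restored: Path) -> list:
    """Relative paths that are missing, extra, or differ in content after a restore."""
    src, dst = sha256_tree(source), sha256_tree(restored)
    return sorted(p for p in set(src) | set(dst) if src.get(p) != dst.get(p))

def restore_drill() -> dict:
    """Back up constructed sample data, restore it, verify, then show a corrupted restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst, archive = Path(tmp, "data"), Path(tmp, "restored"), Path(tmp, "backup.tgz")
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "payroll.csv").write_text("id,amount\n1,1000\n")  # constructed sample
        (src / "notes.txt").write_text("quarterly plan\n")              # constructed sample
        backup(src, archive)
        restore(archive, dst)
        clean = compare_trees(src, dst)
        (dst / "notes.txt").write_text("quarterly plan (corrupted)\n")  # simulate bad media
        return {"restore_ok": clean == [], "corrupt_files": compare_trees(src, dst)}
```

Run `check_321` against your real inventory and `compare_trees` against a real restore target; a non-empty list from either is a finding to fix before the next drill.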

Best Practice #6: Rely on the NIST Cybersecurity Framework

The Cybersecurity Framework published by the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce offers a simplified data security framework for organizations of all sizes. Adopted by organizations worldwide, the framework consists of standards, guidelines, and best practices, organized around five core functions: Identify, Protect, Detect, Respond, and Recover. Any security vendor you work with should be familiar with the framework and ready to apply its standards and guidelines to your project.

Conclusion

Everyone on your team must make data security a top priority to protect organizational data. This includes continually monitoring the latest threats and utilizing effective prevention technology. Subscribe to Momentum’s news and blog portal to stay updated on current cybersecurity trends, technologies, and best practices.

Parts of this post have been adapted from a 2021 Momentum white paper, Data Security: A Security Strategy Overview. To read the entire white paper, drop us a line at info@m-inc.com.
