People-centric Data Security
With all the advanced tools and technologies available to combat cyber-crime, you’d think data would be relatively safe. Much of it is, but as the media headlines indicate, a large portion of data continues to be compromised. It’s hard to tell how much more may be at risk.
There’s no single guaranteed approach for ensuring data security, but one important strategy is to focus on people, not just on technologies. These 12 tips can help.
- Develop a playbook of the most common “insider” threats along with a checklist for actions to take.
- Manage potential “insider” threats better by continuously analyzing the risks of every interaction between users and networks, endpoints, applications, data and even other users.
- Take advantage of every opportunity to better understand how employee behavior and intent relate to security issues. Incorporate that information into your company’s IT security policies, including those for BYOD and data access.
- Data security should be integral to each employee’s role. But unless it is spelled out as such, most employees don’t make it a priority. Change that by making data security one of the requirements of your employees’ positions.
- Emphasize personal responsibility and arm your employees with information. This is particularly important for BYOD. BYOD puts significant responsibility on employees to safeguard information, comply with the law, and manage their personally owned technology to higher standards than they may understand. Educate them on regulations and standards that apply to your industry and offer practical guidance for device security, information security, and device management.
- Implement frequent employee training and follow up on IT security. Include best practices for computer and mobile device usage, in addition to information on your organization’s security policies.
- Make sure employee IT security training focuses on behavioral change, not just awareness of security and privacy risks. All the training in the world won’t minimize insider data breaches if people don’t change their actions. Include a testing component to help ensure employees understand what they are learning. Follow up with periodic refresher courses.
- Involve representatives from across all areas of your organization when you develop data security policies. Their input will help you better understand data use throughout your organization, privacy considerations, regulatory requirements, and potential roadblocks to implementation.
- Consider appointing data protection ambassadors who can help keep data security and privacy top of mind within their departments.
- Use daily data security tips that appear on your intranet or on the screens of your employees’ computers when they log in. Post data security awareness posters in employee gathering areas. Implement incentive programs that reward employees for suggestions that can help improve IT security or for successfully mitigating data loss.
- Rally senior management’s support for funding IT security budgets and for setting the tone for cybersecurity efforts in the organization. Just informing them of data breaches at other companies, and the subsequent fallout, can boost their support for data security initiatives.
- Augment your in-house security staff with third-party IT security expertise. These experts stay on the front lines of data security best practices, and their knowledge can often be more effective than the most sophisticated technologies at battling cyber threats.
Your Best Defense
Significant advances have been made in developing technologies and processes to protect data. But making people the foundation of your data security strategy may be the most effective and efficient safeguard.