1. Increase your budget for data security
One of the problems most organizations face is the low budget they assign to data security, which is seen as a low priority. In the last few years, budgets have grown, but this happened at big companies and enterprises, leaving small and medium businesses behind. The pressure to increase budgets comes from several directions: industry rules and regulations (HIPAA, PCI, SOX, etc.), more and more breaches coming to light, more complex work environments with more platforms and devices that store sensitive data, etc. With things changing and threats becoming more sophisticated, increasing budgets to invest in security solutions that prevent data breaches is mandatory.
Incident response should also be part of the data security plan. The European Union’s General Data Protection Regulation states that companies take too much time to detect a breach and respond to it.
Once this regulation becomes mandatory, companies will be penalized if they don’t comply with it. Without a proper budget, your IT department won’t be able to protect confidential data that resides on users’ workstations, regardless of whether they are computers or mobile devices.
2. Have a plan B
One of Murphy’s laws says that if anything bad can happen, it will happen. So, even if you think you’ve done everything you could, you had better prepare for the worst and make sure you have an incident response strategy. The response time to a data security incident can be reduced by anticipating possible scenarios and running simulations. It’s important to never think you’ve finished securing your data. It is a never-ending process, and not treating it this way is a big mistake.
3. Expand the security solutions you’re using
Nowadays, antivirus software is not enough. It may come as a shock to many of you, but there are a lot of companies that still rely only on antivirus. There are several layers that need to be covered and, if you want your data to be fully protected, besides antivirus, network security, encryption, IPS, etc., you should also consider data loss prevention solutions. You can categorize security tools by the type of threats they address, such as external threats and internal threats. This way, it is easier to evaluate the security tools and to know whether they cover your needs.
4. Protect all of your data
Chances are that in 2016, hackers and malicious individuals, who can also be insiders, will target data that is more complex than credit card numbers or financial information. Even though those are extremely important, there are also other types of data you need to protect.
Of course, the type of confidential data that a business stores can vary from organization to organization. While for some companies, like pharmaceutical and engineering, patents and other intellectual property are highly important, for others, like call centers and advertising companies, customer databases or marketing plans are what make them more vulnerable. All organizations should clearly define what confidential information represents for them and make sure they apply all necessary measures to protect it.
5. Offer your employees training regarding the importance of data security
A recent report showed that millennials are a greater risk to corporate data than other categories. The report concluded that 50% of the millennials that responded think that security is not their responsibility. The same percentage said that they use their work mobile devices for personal purposes.
Each and every one of your employees is responsible for your business’s confidential information, so you have to make sure they understand the risks associated with a data breach.
What data security resolutions do you have for this year?