5 Summer Data Protection Tips
June 19, 2016 3:32 PM
Employees in every industry are beginning to take time off to enjoy the summer season. But when members of the IT department, which are often already understaffed due to lack of resources, head out for weeks at a time, how can a business ensure that its sensitive data is protected from all kinds of threats? Salo Fajer, chief technology officer at Digital Guardian, offers the following tips to help data professionals and leaders in the IT community prepare the organizations they work with for any vacation time they may spend away this summer. (This slideshow originally appeared on Information Management)
Timely Training
Hosting company-wide cybersecurity training sessions is critical for securing data at every point in the year, but June and July is a particularly good time to host a training session. At nearly the halfway-point in the year, employees may be getting lax in their vigilance against email phishing attacks and other threats. These sessions will remind employees of best practices when it comes to preventing falling victim to a scam. This information will be most useful for employees during the July and August timeframe, when IT is most likely to be on vacation, and when attackers know that systems may be less protected.
Gamification
Traditional approaches to protecting sensitive data involve workflows that are cumbersome and focused on punishing the end-user. This security professional/end-user relationship paradigm often breeds negative attitudes towards one another. Consider flipping this paradigm by gamifying your cybersecurity strategy for a fun and interactive learning experience. An example of gamification is rewarding employees with digital badges for every good, secure behavior they exhibit. Once employees begin collecting badges, foster friendly competition and watch them climb the leaderboard towards prizes.
Consider data-protection software
Sophisticated attackers are not defeated by antivirus software alone. Putting in place data protection software that can fully lock-down confidential data, both structured and unstructured, is the only way to ensure that an organization is safe while IT is away. This includes solutions such as Data Loss Prevention (DLP) that provide organizations with automated classification to tag and identify PII, PCI and PHI data. Sensitive data is what the attackers are seeking, so the software an organization uses should prioritize protecting the crown jewels themselves, not just securing the digital walls around them.
Place Enforcement Policies
Before heading out on vacation, ensure the organizations data protection software has outlined proper, strict enforcement policies to completely prevent confidential data from leaving the corporate IT environment. Set the companys policies to automatically block or encrypt sensitive data on corporate emails and files. Having these policies in place while youre away will protect the companys data in the event that an attacker strikes.
Be Prepared
Despite taking all the necessary steps to prevent an intruder from gaining access to your organizations data, history has proven that attackers can and will get in to your network. Prepare and routinely update an incident response plan to have at the ready for your team to enact if youre out of the office during one of these events. Immediately following a breach, the organization should identify the information compromised, isolate the data and decide how to inform those customers impacted by the event. The next priority should be to alter the method to avoid future data breaches, including thoroughly testing the protection software currently in place.