Stolen credit cards. Ransomware extortion. Corporate espionage. Every week, there’s a story in the news about a security breach at a major corporation. Last week, hamburger joint Wendy’s announced a malware infection, joining a growing list of organizations that have suffered from security compromises including Home Depot, Target, Neiman Marcus, and others.
The good news? With a strong security strategy, your organization can be protected. Here are five strategies for making sure your organization’s data—and your customers’ data—is secure.
1. Understand your organization’s business requirements.
Your organization’s business objectives must serve as the underlying foundation for all its security initiatives. Otherwise, how can you possibly know if they will enable or inhibit the business? Fortunately, bridging the gap between IT concerns and business objectives is becoming mainstream every day as more c-suite executives are talking about security in their boardrooms.
2. Know your “threat vectors.”
Every organization has a different set of “threat vectors,” or major areas of concern. A threat vector at an oil refinery might be remote sensors that monitor oil pressure at off-site locations and need to be protected. In healthcare, a threat vector might be doctors who work from home and leverage remote vpn access, and you need to protect patient information. In banking, a threat vector might be remote ATMs running antiquated OS. Hybrid cloud solution, know what applications and usage remain in your private cloud and what applications are offloaded to the public cloud. Once you identify your organization’s unique threat vectors, you can begin to address them one-by-one.
3. Work on “security hardening.”
Make sure the outer shell of your organization is hard to penetrate. This requires a perimeter and layered defense solution. Firewalls, IPS, mobile device management, malware, VPNs, ISP circuits, 2-form identity factors, and other security strategies should all be considered. The main objective here is to make sure hackers can’t penetrate your network in any way.
4. Be mindful of inside threats.
Make sure your security strategy isn’t like a moist chocolate chip cookie: hard on the outside but soft on the inside. 70-80% of security breaches come from inside the organization, perhaps from a disgruntled or fired employee. You should always be able to identify who’s accessing what data and why. What permissions does each person have? What knowledge can they extract? Who took what? You should be able to answer these questions at any time. Make sure your inside security is as hard as the outside.
5. Logging is Everything
Leveraging log management and a SIEM solution is of utmost importance in building a secure network environment. Logging information from multiple sources, firewalls, IPS, routers, switches, etc. provides a wealth of valuable information. By joining both of these functions, it allows quick interpretation and threat intelligence of the abundance of information. Organization are able to quickly wrap real-time analysis and correlation of where/when/why/what/how a threat infiltrated their network. This provides improved productivity, optimization of business process and visibility to achieve a secure environment.
To do security right, you need to support your organization’s business processes with agility, speed, and systems. You need a consistent solution that optimizes your network. If you focus on these things: running the business, growing the business, transforming the business, and securing the business, then you’re doing it right.
If you need help, we’re just a phone call away.