Top 10 Data Security Tips to Safeguard Your Business If passwords are too simple, hackers can employ a ‘dictionary attack’ which automates the use of a combination of dictionary words and numbers to crack passwords. Make sure employees are aware of this and set password polices that force them to use special characters and change their passwords frequently. that security software reinstalls if it is removed or damaged, accidently or on purpose. Persistent security software will also allow you to run encryption and anti-virus status reports so you can prove these solutions are in place and operational at the time of theft. 5 . C O MMUNIC AT E CL E A R D ATA A ND DE V I CE U S A GE P O L I CIE S 8 . TA K E A L AY ER ED A P P R O A CH T O SEC UR I T Y T ECHN O L O GY With the wave of personal devices and connected ‘things’ such as wearables entering the workplace, it is important to review BYOD and COPE policies frequently to ensure you are keeping up to date with the latest trends. There is no Holy Grail of data security software. Hackers have sophisticated methods to gain entry so it is critical to take a layered approach to security technology on all your devices and networks. Multiple security solutions will reduce the threat landscape, prevent advanced attacks on your network and alert you to a persistent threat or any anomaly so you can take the appropriate action. Guest wireless networks should be isolated. If an employee device connects to the corporate network, the device should be checked for compliance and directed to a device enrollment page detailing the employee and company rights regarding the management of data. If employees choose to use a personal device at work, they must accept your BYOD policies. Choose an asset management tool that is capable of managing multiple device types (including desktops and laptops) and ownership models. If a specific device doesn’t provide the necessary baseline security requirements, such as on-device encryption, it is reasonable to say no to the employee who wishes to use it. Just be clear about your policies and the devices you will support. 6 . U SE EN CRY P T I O N Data encryption is a must. Encrypt all data that is stored on portable devices including laptops, tablets, and smartphones. If encryption is in place when a device goes missing, whoever accesses the data won’t be able to read it. Encryption software will also help you to defend your company against a negligence claim in the case of a data breach—as long as you can prove encryption was in place and working properly at the time of the breach. Persistence technology ensures that security software reinstalls if it is removed or damaged, accidently or on purpose. 7. C O MP L EMEN T YO UR EN CRY P T I O N W I T H P ER SI S T EN T S O F T WA R E Choose a persistent endpoint security and management solution that will allow you to maintain a connection with a device regardless of user or location. Persistence® technology ensures 9 . K EEP S O F T WA R E UP -T O -D AT E Hackers are experts at exploiting vulnerabilities found in software. Developers release regular patches to plug security holes and it is important that you have an asset management tool in place to ensure that these patches are installed automatically. Be diligent with your updates and don’t wait to install a patch. One inadvertent downside to patching is that it provides a hacker with the code to understand the vulnerability that the patch is intended to repair. With this information, hackers can target devices and systems where the patch has not yet been implemented and exploit the fault to their advantage. 10 . B E P R EPA R ED F O R A DATA B R E A CH We are all just one mistake away from a crisis. Build a data breach playbook filled with scenarios and response actions. Put escalation levels in place and decide how transparent you want to be about the attack and whether any regulatory bodies or customer groups need to be notified. In the case of a stolen device or rogue employee, ensure your endpoint security software allows you to perform remote actions such as data delete, data retrieval, device freeze, and, when necessary, launch forensic investigations. Data is the lifeblood of your organization and it requires time, resources and investment to protect it. With data regulations tightening across all industries, now is the time to act. Implement these tips to ensure that you have a clear view of what you need to protect. Then implement a layered approach to security so when a hacker comes knocking, he won’t be able to get in. © 2015 Absolute Software Corporation. All rights reserved. Absolute and Persistence are registered trademarks of Absolute Software Corporation. All other trademarks are property of their respective owners. ABT-Top-10-Data-Security-Tips-WP-E-070715 Whitepaper | 3 Please complete the form to gain access to this content Access Now Related Resources Forrester's Targeted-Attack Hierarchy Of Needs: Assess Your Core Capabilities Best Practices for Healthcare Data Breach Prevention Top 6 Security Considerations in Migrating to Microsoft Windows 10 The Cost of a Data Breach: Healthcare Settlements Involving Lost or Stolen Devices The Enemy Within: Insiders are still the weakest link in your data security chain
If passwords are too simple, hackers can employ a ‘dictionary attack’ which automates the use of a combination of dictionary words and numbers to crack passwords. Make sure employees are aware of this and set password polices that force them to use special characters and change their passwords frequently. that security software reinstalls if it is removed or damaged, accidently or on purpose. Persistent security software will also allow you to run encryption and anti-virus status reports so you can prove these solutions are in place and operational at the time of theft. 5 . C O MMUNIC AT E CL E A R D ATA A ND DE V I CE U S A GE P O L I CIE S 8 . TA K E A L AY ER ED A P P R O A CH T O SEC UR I T Y T ECHN O L O GY With the wave of personal devices and connected ‘things’ such as wearables entering the workplace, it is important to review BYOD and COPE policies frequently to ensure you are keeping up to date with the latest trends. There is no Holy Grail of data security software. Hackers have sophisticated methods to gain entry so it is critical to take a layered approach to security technology on all your devices and networks. Multiple security solutions will reduce the threat landscape, prevent advanced attacks on your network and alert you to a persistent threat or any anomaly so you can take the appropriate action. Guest wireless networks should be isolated. If an employee device connects to the corporate network, the device should be checked for compliance and directed to a device enrollment page detailing the employee and company rights regarding the management of data. If employees choose to use a personal device at work, they must accept your BYOD policies. Choose an asset management tool that is capable of managing multiple device types (including desktops and laptops) and ownership models. If a specific device doesn’t provide the necessary baseline security requirements, such as on-device encryption, it is reasonable to say no to the employee who wishes to use it. Just be clear about your policies and the devices you will support. 6 . U SE EN CRY P T I O N Data encryption is a must. Encrypt all data that is stored on portable devices including laptops, tablets, and smartphones. If encryption is in place when a device goes missing, whoever accesses the data won’t be able to read it. Encryption software will also help you to defend your company against a negligence claim in the case of a data breach—as long as you can prove encryption was in place and working properly at the time of the breach. Persistence technology ensures that security software reinstalls if it is removed or damaged, accidently or on purpose. 7. C O MP L EMEN T YO UR EN CRY P T I O N W I T H P ER SI S T EN T S O F T WA R E Choose a persistent endpoint security and management solution that will allow you to maintain a connection with a device regardless of user or location. Persistence® technology ensures 9 . K EEP S O F T WA R E UP -T O -D AT E Hackers are experts at exploiting vulnerabilities found in software. Developers release regular patches to plug security holes and it is important that you have an asset management tool in place to ensure that these patches are installed automatically. Be diligent with your updates and don’t wait to install a patch. One inadvertent downside to patching is that it provides a hacker with the code to understand the vulnerability that the patch is intended to repair. With this information, hackers can target devices and systems where the patch has not yet been implemented and exploit the fault to their advantage. 10 . B E P R EPA R ED F O R A DATA B R E A CH We are all just one mistake away from a crisis. Build a data breach playbook filled with scenarios and response actions. Put escalation levels in place and decide how transparent you want to be about the attack and whether any regulatory bodies or customer groups need to be notified. In the case of a stolen device or rogue employee, ensure your endpoint security software allows you to perform remote actions such as data delete, data retrieval, device freeze, and, when necessary, launch forensic investigations. Data is the lifeblood of your organization and it requires time, resources and investment to protect it. With data regulations tightening across all industries, now is the time to act. Implement these tips to ensure that you have a clear view of what you need to protect. Then implement a layered approach to security so when a hacker comes knocking, he won’t be able to get in. © 2015 Absolute Software Corporation. All rights reserved. Absolute and Persistence are registered trademarks of Absolute Software Corporation. All other trademarks are property of their respective owners. ABT-Top-10-Data-Security-Tips-WP-E-070715 Whitepaper | 3
