Digital Security: Preventing Unauthorized Access to Company Data

David Geer

Modern cyberthreats cost companies in many ways. Major data breaches have led some chief executives to resign from their organizations. Brand damage, fines, lost business and revenues, and dips in stock prices are only tip of the breach-aftermath iceberg.

Organizations must recognize and mitigate the threats that affect their digital security most. Businesses should assess common and concerning threats and the safeguards they need to protect digital information.

Contemporary threats steal data by leveraging people’s trusting nature; taking control of user credentials and privileges; and infecting computers, networks and mobile devices. New and evolving threats eradicate data, distract security teams so hackers can commandeer the enterprise, and use artificial intelligence (AI) to outsmart smart security technologies. Nation-states steal intellectual property, cyber-thugs extract consumer bank-card details and nonpublic personal information (NPPI), and the list goes on. But, for every attack, there is a defense.

One good approach to protecting digital information is to determine what data the organization values most. Know the risks to that data where it lives and where it travels in systems and on the network. Find the best comprehensive solution designed to protect that data in those instances. Then, choose any additional security measures that are necessary for the remaining risks and data.

Organizations can align appropriate security measures with specific threats. Address social engineering, for example, by educating employees about phishing attacks. Use multifactor authentication (MFA) so hackers who guess usernames and passwords still don’t have enough information to control user accounts and devices. Apply behavior-based anti-malware that detects malicious software and viruses by watching how they act.

Organizations can use data backup technologies such as Backup-as-a-Service or Disaster-Recovery-as-a-Service to recover from Destruction-of-Service (DeOS) attacks. Consider using cloud services that intercept and clean distributed denial-of-service attack traffic before it reaches the organization’s network. Organizations can mitigate malware threats with AI-enabled, behavior-based anti-malware solutions that vendors update as soon as new strains of the intelligent malware appear.

For nation-state attacks, enlist the help of the government, including agencies such as the FBI, that have expertise in tracing digital assaults on corporate data. Thoroughly vet any foreign vendors and service providers you use. Fortify Point-of-Sale (POS) and e-commerce systems to limit attacks on card data.

There are solutions that work across a number of different threats. Most organizations can benefit from network- and security-monitoring tools that identify suspicious activity and attacks. These tools work with other security products such as firewalls to respond to threats automatically by dropping the threatening internet/network connection. Data-loss-/data-leakage-prevention (DLP) technology can help keep protected data safely within the organization. DLP products can inspect outbound traffic for specific kinds of information and drop the connection at the firewall before the data exits the enterprise.

New threats arise all the time, increasing the cost of doing business. But with practice, organizations can follow the threat landscape to discern which attacks and threats concern them most.

Good relationships in the marketplace help organizations discover their best options for protection from every new cyber-menace that comes along. New solutions from current vendors or updates to existing products can keep your data safe. As scary as the headlines may get, organizations can thrive in the modern world of cyber risks, with the right amount of care and mindfulness.

More in Privacy & Security

Comments

SHARE YOUR COMMENTS HERE