Six Things to do to Get Your Data Stolen
Most IT security practitioners tend not to adhere two one or two of these critical things, and that is definitely not good!
Your data and your house
Securing your data and securing your house are pretty similar. There are shutters to be closed and bolts to be drawn. There are firewalls to be drawn and passwords to be set. While getting a house robbed is easy, stealing data is even easier!
Here’s what you need to do.
Do not monitor data flows. Why would you want to be bothered to know what comes in and goes out of your house? Data is the oil that powers industry today. Why bother if it leaks? All that is bound to happen is loss of brand and probably complete collapse of your house.
Such data could be sent by someone who lives in your house. Your family? Or someone who has access to it, such as a domestic help or a vendor who fixed the faucet. The key point is why be bothered?
How do you secure your precious data on premise or on the cloud? Watch! ‘SAP Security On Premise and in the Cloud with Halocore’
Yawn. In case you’ve noticed that data does flow out of your organization, so what? Why bother blocking an unauthorized user from send data to somebody outside? Okay. That would definitely help complement your existing unwanted IT security solutions such as firewalls and anti-malwares. But you really don’t mind if you lose an IP or two to competition, do you? Or data about your organization’s financial health or that of your employees. After all, it is their problem.
Protect data that must be shared for operational and business reasons. What? You’re kidding. Why would you want to do that? After all, once data leaves your premises, why bother about its safety and security? As they say, let bygones be bygones. Why would you want to be bothered about an IP files or other sensitive documents throughout their lifecycle? Aren’t there better things to do?
If you use Microsoft Information Protection, then why not leverage it to protect your CAD files? Watch this video to know how.
Password protection and multi-factor identification/authentication are old school and boring. Do they still have value today? Nah. Why bother your employees with additional steps when logging into their work applications? Frequent password changes are a pain. Who remembers passwords anyway?
Moreover, multi-factor identification and authorization is just too much trouble. Two factor, Three factor… why factor in so much detail to save information?
Install Anti-malware and anti-spyware. Another joke. If you have them – get rid of them. Pronto! The world knows that the Chinese and other governments spy on industries and each other. Over and above that, there are malwares, such as Trojans and so on, that siphon off vital data and could completely collapse the operations of an enterprise. But you must be safe as you are, right? So don’t install such programs in your organization.
Finally, why follow best practices? Don’t commit to rigorous practices such as social engineering audits and anonymize data. Simple, why bother? With the onset of concepts such as the Internet of Things and Machine Learning, why go through the greater pain of locating all the big data enclaves in your company and stringently review these for data privacy?
Unsecured data is like an open house
Despite the advice given here, if you have still implemented half of the things listed here – good for you. But have you given a through to the first three items? Do you know what data actually flows out of your IT landscape? Do you have the visibility and controls to block sensitive data from breaching the perimeter of your IT controls despite firewalls and other installations? Finally, can you ensure that the sensitive data that your users genuine share with stakeholders outside the organization continue to be safe throughout their lifecycle?
These are things you should give serious thought to in case you haven’t still.
To know more, visit https://secude.com/halocore
Comments are closed.