The following article is an excerpt from Securing Data From the Inside-Out; a free master guide to understanding modern ransomware and other data threats. Click here to download a free copy of the guide.
Adopting a new data security approach or building a strategy from the ground up can be a daunting task for any business, especially given the amount and varying types of data they produce and store each day. For businesses with an existing data security strategy, even adding in an extra security layer or switching an existing security vendor for another takes many considerations.
Calamu Founder & CEO, Paul Lewis, understands these challenges and the process it takes to build a comprehensive data security strategy. As a contributor to the NIST Cybersecurity Practice Guide and advisor to the SEC, FBI, Department of Homeland Security and the United States Department of Justice on emerging trends in cyber and information security, Lewis believes that protecting data is a top priority for everyone to combat the growing ransomware crisis. The following steps are his guidelines to help get started.
Shifting the mindset is important. Understanding that a cyberattack on the organization is likely is an important jumping off point. Instead of preparing to reduce the impact should an event occur, companies that understand the eventuality of an attack can look to eliminate consequences by preparing, using the data-first security approach.
2. Build a Framework:
Existing frameworks around access management such as zero trust1 and continuity plans such as the NIST cyber resilience framework are intended to help organizations
approach their security plans. Develop a plan that works for your organization.
3. Perform a Data Audit:
Take an audit of the type of data you have, how it is being used, and where it lives.
Understanding the amount of data that needs to be stored and secured, and then
classifying it in terms of level of sensitivity will help build out a strategy.
4. Research Innovative Solutions
The cyber security market is growing and evolving. Talk to your security reseller and
research potential new solutions that will address your specific needs. Demo and test
drive them to ensure they will work within your environment.
5. Secure, Backup, and Create Redundancies
Secure your data with the best possible security solutions you have. Create backups
and redundancies of that data. Securing data may take multiple layers including
perimeter defenses and data-level solutions. A data-first solution will secure your data and create redundancies in a singular process.
6. Roll Out Cybersecurity Training for Employees
Even with the best defenses in place, it is recommended that all employees take
regular cybersecurity awareness training and stay up to date on how the latest threats are evolving.
7. Update and Patch Software and Equipment Regularly
Build a plan for managing software and equipment to ensure proper care, patching,
and updating occurs on a regular basis.
8. Review Settings
Network misconfiguration and unsecure RDP are leading causes of breaches. Review your policies and settings closely or partner with a vendor who can perform a cyber readiness audit.
9. Review Company Policies
Develop and review your company policies around BYOD, password hygiene particularly for mobile devices, application usage, and others.
10. Monitor, Analyze, and Refine
Plan for regular monitoring of system health and alert responses for cyber incidents. Study your network activity and data and refine your plan to adapt to changes.