Print Divider Print Divider Branding

Five Tips to Help Your Organization Avoid a Data Breach

08/10/2017  |  By: Jason Riddle, CISSP, President, Information Security


Social Logo Social Logo Social Logo Social Logo

What Actions Should I Take to Protect my Organization?

If your organization is to succeed where the threat of a cyber attack looms constantly, you’ll need to take a few steps to ensure you are adequately prepared.

1. Data Inventory. First, your organization needs to understand WHAT types of sensitive data you maintain and WHERE they are located. You can accomplish this by creating and working with a cross-functional team to identify the types of data your organization creates, stores and processes. Once you understand what data you have, the next step is to work with your technology and business process experts to determine where the data lives.  

2. Risk Assessment. Once you have completed the data inventory, you’ll need to determine the risks to your data. A risk assessment will help you understand the controls currently in place to provide protection. It also evaluates the likelihood and potential impact of various scenarios (e.g. a major data breach). Completing the risk assessment will help you understand how and where to direct your resources.

3. Technical Assessments, such as network vulnerability assessments and penetration testing, provide validation that your technical controls are working as designed to prevent cyber attacks. These assessments should be performed periodically and after major changes in technology or business processes.

4. Security Monitoring. Monitoring network traffic and system log files for known attacks and anomalous activity can help to detect attacks that may have made it through your defenses. With the sophistication of cyber attacks constantly increasing, it’s important to have a monitoring capability in place rather than relying completely on your preventive controls.

5. Response Plan. Finally, you need to make sure you have a solid plan of action for responding to cyber security incidents. We all need to be prepared to respond properly and in an organized manner when bad things do happen. A thoughtful, well-coordinated response can have a huge impact on how the general public (and the marketplace) perceives a data breach.

Even the nation’s largest, best-funded companies struggle to defend themselves from data breaches. In order to be effective, companies need to view data breaches as something that is largely inevitable, and work to ensure they have proper controls in place to prevent, detect, and respond to events when they happen. Developing this type of security process maturity will help set companies apart from their peers when the inevitable occurs.

Originally posted in Accounting Today