What is Data Security?
Protect Your Data from Cyber Criminals
Adam Gleeson, Cyber Security Vendor Alliance Manager at CyberLab, explores how organisations can implement comprehensive measures to protect data from unauthorised access, modification, or deletion. He covers:
- Why do we need data security?
- What do we mean by data security?
- Data security in practice
- Cyber Security Posture Assessment
Why do we need data security?
The value of data security
In most, if not all, modern businesses, data is probably the most valuable asset the business holds. Most data is now stored digitally and, given that some of that data is critical to the day-to-day operation of a business, any loss of that data, or disruption of access to it, would have a severe effect on the business.
Data security is critical for businesses
Think about the impact loss of your data would have on your business – if data loss happened, could you continue to work normally? Would you be able to effectively track what activities are ongoing or planned with your customers? What about tracking which customers owe what and when? Who has been invoiced and who is yet to pay their invoice? Who has had orders fulfilled?
Many organisations have recognised and acknowledged these risks. However, many more have not kept up to date, have not kept control over their data, and are vulnerable to cyber criminals.
What does data security mean?
The first step is gaining an understanding of what data means to your organisation:
- What data is most important to your business?
- Where is your data being stored – is it all in one place or is it scattered?
- How can your data be accessed?
- Who can access your data and how can you permit or deny access to sensitive data?
- Where can your data be accessed from – can it only be accessed from secure locations?
Once you have defined what data means to you, you need to consider how you are protecting data:
- If your data were to become corrupt, deleted or maliciously encrypted – how could you recover it?
- Do you have robust backup regimes in place?
- Are you keeping multiple copies of your data in multiple locations?
- What about devices or media used to store your data?
- Do you just throw them away or are you making sure they are securely wiped?
How do you do data security?
Understand your data
Understanding the data you hold is the first step:
- Is it mostly historic information that would only ever be of use to your own organisation?
- Does it hold sensitive financial, personal or client information?
Identify the types of data you hold, find the “Crown Jewels” of your organisation – i.e., the most sensitive and/or important data.
Once you understand your data types, you can classify each file and implement controls, policies or rules as to how that data can be accessed, processed and handled.
Where is your data?
The next step is to understand where your data is being stored. With all the different file sharing technologies available today, it is very easy for storage sprawl to set in, resulting in data being stored in multiple locations on multiple hosting platforms – many of which you have no visibility of or control over. You need to:
1) Identify the locations or solutions that are being used to store data
2) Reconcile them into a single solution that you can effectively control and have visibility of
Another aspect of selecting a solution that can be overlooked is understanding why users have been using different platforms. It is far better to ensure any new platform supplies functionality for users to work the way they need to work (within reason of course). If the new system has shortcomings in the way people need or want to work, they may start (or try to start) adopting other solutions again.
Once a new solution has been decided upon, implement a data handling strategy for your users. Define clearly how they should be saving, categorising, and handling the different types of data.
Control your data
Many mechanisms to implement controls go hand-in-hand with data classification/categorisation: by applying a classification to a particular item, controls are automatically applied to restrict what can be done with that data to effect Data Loss Prevention in your environment. It may also be possible to automatically allow or deny access to data carrying certain classifications.
There are also ways to implement location controls. For example, access to very sensitive information can be restricted so that it is only available from within company-owned LANs. Users connecting from home or from an internet café would then not be able to access the data.
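The classification-driven and location-based controls described above can be sketched as a small policy check. This is an added example, not CyberLab's or any vendor's code; the labels, group names, network ranges and function names are all assumptions made for illustration.

```python
import ipaddress

# Assumed company-owned LAN ranges (constructed sample values).
COMPANY_LANS = [ipaddress.ip_network(n)
                for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Hypothetical labels mapped to the controls applied automatically to any
# item carrying that label: permitted actions, and whether access is
# limited to company-owned LANs.
POLICY = {
    "public":       {"actions": {"read", "copy", "share"}, "lan_only": False},
    "internal":     {"actions": {"read", "copy"},          "lan_only": False},
    "crown_jewels": {"actions": {"read"},                  "lan_only": True},
}
# Unlabelled or unknown data gets the strictest controls (fail closed).
DEFAULT_LABEL = "crown_jewels"


def on_company_lan(source_ip):
    """True only if source_ip parses and falls inside a company LAN range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: treat as off-network
    return any(addr in net for net in COMPANY_LANS)


def decide(label, action, source_ip, user_groups, allowed_groups):
    """Return (allowed, reason) for one access request."""
    controls = POLICY.get(label, POLICY[DEFAULT_LABEL])
    if not set(user_groups) & set(allowed_groups):
        return False, "user is not in a group permitted for this item"
    if action not in controls["actions"]:
        return False, f"action '{action}' is blocked by the classification"
    if controls["lan_only"] and not on_company_lan(source_ip):
        return False, "classification requires a company-owned LAN"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed requests: (label, action, source IP).
    for label, action, ip in [("crown_jewels", "read", "10.20.3.4"),
                              ("crown_jewels", "read", "203.0.113.7"),
                              ("crown_jewels", "copy", "10.20.3.4"),
                              (None, "read", "203.0.113.7")]:
        print(label, action, ip, decide(label, action, ip,
                                        ["finance"], ["finance"]))
```

The last request shows why the default matters: an item nobody has classified yet is handled as if it were the most sensitive data, so gaps in labelling do not become gaps in protection.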
Protect your data
Just as important as any of the other methods you use to protect your data is having a robust, reliable backup strategy. This ensures you are never left completely at the mercy of cyber criminals.
Remember that without a secure off-site backup you will have limited options if your data is deleted or maliciously encrypted.
Paying ransoms does not ensure the return of your data. In fact, there’s a strong likelihood that you will end up paying several ransoms and still not recover any data!
Having off-site backup is good, but even better is ensuring that your on-site backup repository is protected against deletion or malicious encryption. Segmenting the repository is one way to do this.
There are also multiple solutions available that will make your data immutable. Once written, your data cannot be changed except under very specific circumstances that are almost impossible for an attacker to replicate.
Restoring data from an on-site repository is faster than downloading a backup and restoring from that download. It’s also an up-to-date backup, minimizing downtime and data loss for your business.
Embrace control mechanisms for sensitive data. Control access and actions, and restrict data movement or copying. This ensures data remains secure and is only accessed by those who need it.
Dispose of old media securely. Don’t simply throw old SAN drives in the bin. Data can be retrieved by someone determined. Make sure to dispose of it securely.
How CyberLab Can Help
CyberLab can provide consultancy and support on your key technology projects, help deliver business solutions, support your users in adopting them and provide managed or reactive support when your solution is up and running.
What is a Cyber Security Posture Assessment?
A cyber security posture assessment is a check-up for your business’s cyber health and is a crucial step towards protecting your business.
The assessment involves answering a series of questions designed to determine how prepared your business is to defend against cyber threats.
After each assessment, our cyber security specialists will draft a free report based upon your performance. By completing this assessment, you can ensure that your business is well-prepared to defend against today’s cyber threats and those that may emerge in the future.
If you haven’t done so already, our Posture Assessment tool is a quick-and-easy way to identify your strengths and weaknesses, and get a better picture of your overall security posture.
We have put together a page of recommendations for improving your Data Security, and which tools can help, which you can read here.
Featured in this Episode
Senior Sales Engineer, Forcepoint
With over 11 years in IT Security, Adam is currently a Senior Sales Engineer for Forcepoint across Northern Europe. Adam is responsible for technical engagements with Forcepoint’s Channel Partners, Global System Integrators, Service Providers and MSSPs – providing advice and helping customers to protect their users, data, and networks. Prior to Forcepoint, Adam held roles at end user, partner and vendor – gaining experience at both Cisco and Sophos.
Cyber Security Vendor Alliance Manager, CyberLab
Adam has a passion for IT and cyber security. With over 15 years of experience in the industry, Adam’s resume boasts a wealth of knowledge around keeping businesses cyber secure.
Understand your security risks and how to fix them.
Take the first step to improving your cyber security posture, looking at ten key areas you and your organisation should focus on, backed by NCSC guidance.