The New York Times offers this scary statistic: over the last 12 years, there's been a 10,000-fold increase in data security attacks. While the number of devices has also increased, this can't explain the explosion of malware, hacks, DDoS, and other attacks. In fact, just in the last year, attacks increased by 62 percent.
Why do attacks keep increasing if businesses are always upgrading software, patching flaws, and finding vulnerabilities? Security experts are starting to think that we might be taking the wrong approach to cyber security.
Rather than focus purely on technical fixes, more experts are suggesting that we shift our attention to data security strategy. We admit "data security strategy" sounds a bit like corporate jargon, but this approach offers practical elements you can exercise to improve client security. Let's take a look at what it means.
Data Security Strategies to Better Protect Client Data
When experts talk about "strategy" in data security, what do they mean? They mean prioritizing security for the most important data and limiting its risk exposure. IT security experts suggest that you…
- Identify the most valuable data. Transactional data, protected health records, account information, and personal information should all be stored in separate, more secure network locations. Access to this data should be limited, and duplicate copies shouldn't be kept on employee devices.
- Limit access to this data. Only necessary personnel should have access to protected data. Employee logins / passwords should be unique and meet best-practice standards. When employees leave the company, delete their accounts immediately.
- Encrypt data. Encryption is nothing new. Because IT infrastructure is always changing, businesses need to adapt encryption strategies. For instance, some cloud companies don't encrypt data while it's being transferred between servers, and many email clients don't offer end-to-end email encryption (for more information on this, read the post, "Google's 'End-to-End' Like a Seatbelt for Email"). As an IT consultant, it's up to you to make sure your clients use robust encryption that actually protects their data while it's being stored and transmitted.
- Use big data and calibrated security programs to identify threats more accurately. Anti-malware and security programs often flag so many data transmissions that it's difficult to know which threats are real and which are false positives. IT consultants can't do their job if they get an alert every few minutes. What's the solution? Better software. Security consultants are increasingly relying on software that uses big data to identify threats and reduce false positives. This kind of software can cross-check suspected malicious software against a user's activity. If the user tries to access any databases they wouldn't normally access, the software will flag this action.
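
The baseline check described in the last item, combined with the first item's idea of ranking data by value, as an added example that is not part of the original article or any product it refers to. The log format, the user and database names, the `HIGH_VALUE` set and the function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: (ISO timestamp, user, database). Not real data.
SAMPLE_LOG = [
    ("2024-03-01T09:02:00", "alice", "crm"),
    ("2024-03-01T09:40:00", "alice", "crm"),
    ("2024-03-02T10:15:00", "alice", "billing"),
    ("2024-03-02T11:00:00", "alice", "billing"),
    ("2024-03-01T08:30:00", "bob", "hr_records"),
    ("2024-03-03T08:45:00", "bob", "hr_records"),
    ("2024-03-08T09:05:00", "alice", "crm"),           # normal
    ("2024-03-08T23:50:00", "alice", "patient_data"),  # never seen for alice
    ("2024-03-09T08:31:00", "bob", "hr_records"),      # normal
    ("2024-03-09T14:20:00", "bob", "wiki"),            # new, but low value
]

# Assumption: the client has already classified its most valuable data stores.
HIGH_VALUE = {"patient_data", "billing", "hr_records"}

def build_baseline(events, cutoff, min_hits=2):
    """Databases each user accessed at least min_hits times before cutoff."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, user, db in events:
        if datetime.fromisoformat(ts) < cutoff:
            counts[user][db] += 1
    return {u: {d for d, n in dbs.items() if n >= min_hits}
            for u, dbs in counts.items()}

def flag_unusual(events, cutoff, high_value=HIGH_VALUE):
    """Return alerts for post-cutoff access outside the user's baseline."""
    baseline = build_baseline(events, cutoff)
    alerts = []
    for ts, user, db in events:
        if datetime.fromisoformat(ts) < cutoff:
            continue
        if db not in baseline.get(user, set()):
            priority = "high" if db in high_value else "low"
            alerts.append((ts, user, db, priority))
    # High-priority alerts first so they are not buried in low-value noise.
    return sorted(alerts, key=lambda a: (a[3] != "high", a[0]))

if __name__ == "__main__":
    for alert in flag_unusual(SAMPLE_LOG, datetime(2024, 3, 8)):
        print(alert)
```

Routine access produces no alert at all, and the one first-time access to a high-value store is ranked ahead of the low-value one, which is how this approach keeps the alert volume manageable.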
What do these four strategies have in common? In each case, consultants are tailoring IT according to the security required for that specific type of data rather than using a one-size-fits-all approach to data security.
Sure, this "strategy" isn't groundbreaking. But that's the nature of IT. There's no silver bullet that will stop cyber attacks. The only thing IT consultants can do is adapt their strategies and better focus data security efforts to protect the data that is most valuable to their clients.