Learning how to define and deploy best practices to defend against data breaches.

By Rich Mellot

THERE’S NO DENYING that the technological advancements of today’s world have brought forth a groundswell of seemingly endless ways in which diverse data streams can be harnessed and analyzed. This is a true testament to how data can be actively utilized to successfully impact the efficiency, profitability and overall capability of any number of businesses and facilities.

Spanning a broad spectrum of market needs and nuances – from small businesses and multilocation, big-box retailers to intuitive patient care providers, international banking institutions and expansive higher education campuses – the significance of data acquisition and its substantial effect on the interconnected progress of the global marketplace have mounted notably in recent years.

However, while the possibilities and benefits of apt data acquisition have created an undeniable, evolutionary shift in how consumers, patients, students and numerous other groups are more readily served by these entities, the risks and challenges in securing that same data have quickly presented themselves. The threat of data breaches and their impact on not only the wellbeing of any affected individuals, but also the health of the infiltrated enterprises, has been a leading topic in the security community and far beyond.

Any mention of data collection almost immediately transfers focus to the question of protection – and as is the case with anything in this rapid-paced industry, the accepted best practices of cybersecurity have been forced to swiftly adapt. As new data streams are pinpointed and gathered, it’s certain that new threats will develop. This cause-and-effect quality has meant that while remaining in step with the newest technologies and methods of data analysis is important, it’s all the more crucial to acclimate to the most effective methods possible in keeping that data secure.

Following are only a few of the most fundamental data protection techniques and best practices that should serve as the foundation for any burgeoning cybersecurity strategy. These by no means can account for the complexity required of a truly successful program, but they serve as the pillars of risk management and are essential in mitigating and, hopefully, altogether eliminating data breach threats.

It’s immensely important to enlist end users in a regular security maintenance program. This spans from the simplest of activities, like keeping up with software and systems updates, to providing more sophisticated consultations, including security assessments and system health recommendations.

Maintain a Security-First Mentality

For any facility engaged in data collection – no matter how minor – the primary concerns should be assessed through a security lens. This begins with crafting and strictly adhering to a formal security policy. Involve high-level management, security officers and IT personnel to collaboratively establish a malleable set of standards, and ensure that these policies and any subsequent revisions are efficiently communicated to staff.

Even the seemingly smallest measures, such as requiring that strong passwords for employees to access data be changed every 60-90 days, are indispensable as the first lines of defense against an attempted breach. Much broader policies, including the development of an incident response plan, must be practiced regularly. By implementing and frequently testing the robustness of their incident response plan, organizations can be more readily assured that, in the event that a data breach does occur, their staff will be fully prepared to detect and contain it before any devastating damage can befall the organization or its patrons.

Keep All Technologies Current and Updated

It’s not enough to merely deploy the latest and greatest data analytics or security technologies with the expectation that these alone will stave off a massive data breach. It’s immensely important to enlist end users in a regular security maintenance program. This spans from the simplest of activities, like keeping up with software and systems updates, to providing more sophisticated consultations, including security assessments and system health recommendations. Considering the highly sensitive nature of cyber and data security, engaging in continuous health and event monitoring of the security deployment and investment is vital in order to remain a valued, trusted security partner for any end user.

These activities not only allow integrators to monitor the status and health of the overall system, but also provide the ability to accurately report and audit any notable events and issues, in addition to keeping records of centralized software patches and updates.

Each of these practices is imperative to the eradication of security vulnerabilities that would allow highly sensitive data to be the target of a cyberattack. Routine maintenance and system monitoring will help guarantee that best practices are refined and followed properly, and that beneficial technologies are appropriately introduced into the overall enterprise solution whenever applicable.

Embrace the Value of Regular Education

Offer ample opportunity for continuing education and mandatory training for all employees on new security threats that have emerged and any indicative red flags. Teach them how to identify suspicious patterns and warning signs that may suggest fraud, or signify that a larger breach is imminent.

Taking time to administer regular educational sessions will keep staff as current as their technologies, and armed with the knowledge necessary to prevent and react, should an organization’s data be targeted.

Rich Mellott is Director of Product Management for Stanley Security.