

NEPS Security Vault

December 8, 2014 / Blog

NEPS Security Vault Series: Security 101

By George Webb

In this first installment of our five-part data security series, I will cover the basics: things that seem easy on the surface. These items are, in fact, some of the largest reasons for breaches.

Business data needs to be protected in all forms

Data can be electronic, hardcopy, laptops, tapes, screenshots, handwritten, etc. Protecting all forms is where the challenge is. Most companies focus on intrusion prevention and enterprise system hardening, but the fact is that a large majority of reported issues are a result of front-line data management and the simple items.

With that said, most management teams that are charged with security adherence typically use an audit or certification to cover themselves for data security. The fact is that even with a successful audit, everyone has security holes. If you are responsible for data in any form, ask yourself the following five questions:

  1. Could I remove data from the environment without anyone knowing?
  2. Can others remove data from the environment without anyone knowing?
  3. Is live data stored in any way that could be portable (laptops, thumb drives, cell phone pictures, etc.)?
  4. Do we have any undocumented data transfers?
  5. Do we use shared usernames or passwords on any systems?

If you answered YES to any of these questions, you could be at risk for a breach. These obvious questions are not meant to pick on anyone in a process or to find fault. You should look at data protection at the ground level, and while this won’t protect against the large public breaches that are in the news daily, it can help to protect against the most common breach types.

There is a privacy website that tracks all reported breaches and provides detail and updates for both large and small issues. I have included the link to that site below; go to the page and scroll down for the latest breaches. To support the questions above, look through the link below, and as you read the issues, think to yourself, “If they had asked these questions and made changes, would the breach have been prevented?” A large portion would have. On a personal note, this is a great site to use to be aware of your personal information protection; as you read these, you will see places that you went to, shopped at, or that have your data.

http://www.privacyrights.org/data-breach

Stay tuned for the next part in the series: employee awareness!