Secplicity - Security Simplified

Powered by WatchGuard Technologies

Five Top Tips to Help Protect Your Critical Data

October 31, 2013 By Corey Nachreiner

I often question the validity of the term Information Security. While it has “information” in the name, I feel we spend more time protecting our technologies and devices than we do figuring out what information is most critical to our businesses, and catering our protections to that data. As information security professionals, we need to focus more on directly defending data.

That was the premise for my presentation at Gartner’s ITxpo Symposium on October 7, 2013, in Orlando, titled, “SPS17: WatchGuard Technologies, Inc.: Cover Your Assets; Protecting Your Company’s Most Important Possession.”

Right now data thieves are doing a good job stealing our sensitive information. Since 2005, more than 600 million records have been breached, and the stakes continue to rise as companies struggle to protect data in the face of increasingly complicated regulatory requirements.

At ITxpo I shared some revelations from WatchGuard’s recent data loss research. For instance, though 64 percent of respondents report having data sharing and usage policies, only 30 percent have Data Loss Prevention solutions in place. And, while the top data loss threats include malicious insiders and criminal hackers, the number one threat is accidental data loss.

To help illustrate this data security problem, I also demonstrated how unskilled attackers could easily leverage SQL injection flaws to siphon off critical information from our backend databases. Using freely available tools like SQLmap, almost anyone can steal email addresses, credentials, and even credit card numbers from badly programmed e-commerce sites.

Of course, the point of the presentation wasn’t to alarm, but to remedy. To that end, I proposed five simple steps CIOs and IT managers can take to protect their organization’s critical data assets. You can read more about those tips below, or you can watch the session recording by clicking here.

Let’s jump into the five tips:

  • Do a Data Inventory – What sensitive data does your organization have? Where do you store this data? Why does the organization need this data? Who needs access to it? How do they use the data? You need to find out in order to protect it.
  • Create a Data Policy – Good information security always starts with a well-thought-out policy. Even the best security technologies cannot replace good planning.
  • Leverage Access Control – You may already have many good tools to help, such as OS authentication, identity access management, firewalls, network ACLs and other security controls. But are you using them? The simple step of segmenting your trusted users from one another based on their roles can help.
  • Use Encryption – Encryption can be expensive, but for data at rest and in motion, it is vital for sensitive documents. However, you don’t have to encrypt everything. If you learn where your organization stores its most vital data, you can concentrate on just encrypting that.
  • Adopt DLP Technology – Vendors are offering cost-effective and easy-to-use solutions that can help organizations detect and block sensitive data at rest, in use and in motion. Consider Unified Threat Management (UTM) solutions that integrate DLP technology and allow it to be centrally managed through a single console. Gateway-based DLP technologies found on UTM devices can solve a big portion of the problem for a fraction of the cost and complexity of other solutions.
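
As an added illustration of the first and last tips (this is example code written for this page, not WatchGuard's DLP implementation), the sketch below shows the kind of content inspection a data inventory or DLP scan performs: it looks for card-number candidates, confirms them with the Luhn checksum to cut false positives, and reports findings masked. The file names and sample contents are constructed, and the patterns are simplified assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (order IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the inventory report is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(name: str, text: str) -> list:
    """Return (source, line_no, kind, masked_value) findings for one document."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((name, line_no, "card_number", mask(digits)))
        for m in EMAIL_RE.finditer(line):
            user, domain = m.group().split("@", 1)
            findings.append((name, line_no, "email", user[0] + "***@" + domain))
    return findings


# Constructed sample data; 4111 1111 1111 1111 is a widely published test number.
SAMPLE = {
    "orders_export.csv": "id,name,card\n1001,Ann,4111 1111 1111 1111\n"
                         "1002,Bob,1234 5678 9012 3456\n",
    "notes.txt": "Ship to warehouse 7.\nContact: ann.lee@example.com\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        for finding in scan_text(name, text):
            print(finding)
```

The second row of the constructed CSV fails the Luhn check and is not reported, which is why checksum validation matters before flagging a digit run as cardholder data.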

With the proper precautions in place, there’s little real excuse for accidental data loss today. There are strategies you can employ to identify your company’s most critical data, techniques you can use to limit access to it, and solutions available that will recognize violations and keep your data safe, thus meeting today’s compliance standards and regulations.

Furthermore, WatchGuard’s unified threat management (UTM) platform can help, providing you with both defense-in-depth and the latest gateway DLP technology that prevents most common data leaks.

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Data Loss, DLP, Gartner, information security, Top 5 Tips, UTM

Comments

  1. nothelpful says

    November 4, 2013 at 12:47 am

    this not helpful, nothing makes sense!!!!!!!!!! i failed my ict class this year, thx a lot!!!!!

    • ifeelyou! says

      November 4, 2013 at 12:47 am

      i know right!!!!

    • Corey Nachreiner says

      November 4, 2013 at 9:48 am

      Sorry you don’t think this is helpful. Question… are you referring to the tips in the blog post, or did you watch the presentation? I really detail the tips in the presentation, so I recommend it. Also… ICT? Does that stand for an Information and Communications Technology degree?

