Everyone has heard of Data Security, Information Security, or Cyber Security; it’s all over the news and everywhere we look. But what are you doing to protect your organization from intruders and malevolent forces online? Despite the mainstream attention on Web Security and Data Security, too often we see organizations ignoring preventative solutions altogether, either because of inconvenience or cost.
First, let’s quickly define what we mean by Data Security. Data Security comprises the measures to prevent unauthorized access to digital data that can result from cyber-attacks. Why is this important to you? Because your organization’s intellectual property, customer/member information, and ultimately reputation are at stake!
Now let’s discuss how data is breached. The most common method these days is not an outside hacker penetrating your firewall and gaining access to your network. Instead, shady actors will send what are called Phishing emails to employees, which often impersonate the CEO. Targeting specific employees, these emails are often extremely sophisticated. These messages are deceptive because they contain “content” that would normally not be questioned by an employee who presumes the message to be from their boss. The victim then takes the bait and falls for the scam by executing whatever action they were directed to do, whether it is to click a link (that would direct them to a fraudulent site) or simply to provide their password. Just like that, the perpetrator now has access to your organization’s data.
What can you do to protect your organization? There are several baseline IT security methods that can prevent such situations from occurring. First, Two Factor Authentication is by far the best way to prevent and protect against unauthorized access to your data. Even if your password is compromised, a second method of authentication (such as a code that is sent to your phone via text) is required in order to proceed with obtaining access. Does this cause a minor inconvenience when trying to log in? Sure, but you have to get over that for the greater good of protecting your organization and its data.
Second, a basic spam filter can no longer protect against Phishing attacks. Additional layers of protection are necessary to identify potential Phishing emails before the end-user ever sees them. These sophisticated solutions scan inbound emails and attempt to identify inconsistencies such as the sender alias name compared to the actual email address or the validity of the incoming email domain. Suspicious emails can be flagged to warn the end-user of a potential scam.
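The inconsistency checks described above can be sketched in a few lines. This is an added example, not code from any particular filtering product; the organization domain, the executive roster, the similarity threshold and the sample headers are all assumed values constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed values for illustration; replace with your own domain and roster.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}          # display names likely to be impersonated
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def normalize(name):
    """Lower-case a display name and collapse punctuation and spacing."""
    return " ".join(re.sub(r"[^a-z]+", " ", name.lower()).split())

def check_from_header(from_header):
    """Return a list of warning strings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []
    # 1. An executive's name paired with an address outside the organization.
    if normalize(display) in EXECUTIVES and domain != ORG_DOMAIN:
        warnings.append("executive name on external address")
    # 2. The display name shows an address that differs from the real one.
    shown = ADDR_IN_NAME.search(display)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append("display name shows a different address")
    # 3. The domain is a near miss of the organization's own domain.
    similarity = SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
    if domain != ORG_DOMAIN and similarity >= 0.85:
        warnings.append("lookalike domain")
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Jane Doe" <jane.doe@example.com>',
    '"Jane Doe" <ceo.office@freemail.example>',
    '"jane.doe@example.com" <billing@freemail.example>',
    '"Accounts Team" <accounts@examp1e.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no warnings")
```

The From: header is only one signal; a production filter would combine it with the results of SPF, DKIM and DMARC evaluation before warning the end-user.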
Third, security awareness training is ultimately the best Data Security. Training employees on what to look for in suspicious emails, not opening attachments they don’t expect, and what type of sites to avoid can be the best preventative measures. Effective security training tools will send your staff simulated Phishing Security Tests (PST), and if the employee takes the bait then they will be prompted with security awareness training.
While there are many other components to an in-depth Data Security program, these are just a few basic steps that an organization can take to start protecting its data. So how much does it cost? For just a couple hundred bucks per user per year, you can implement these solutions. Just as you wouldn’t go without health insurance because you are currently healthy, the same rule applies to Data Security. It’s time for your organization to make Data Security a top priority.
Written by: Payam Pourkhomami, President & CEO, OSIbeyond