17/03/2015

By Mark Edge, Country Manager UK & VP Sales, Brainloop


Today’s cyberworld is fluid and increasingly insecure. Securing your information has never been more important. With the continued rise of cybercrime and the increase in incidents of data loss, organisations are under more pressure than ever before to ensure that their assets are effectively protected. Organisations must rethink their approach to data security against both internal and external threats in an environment where risks change daily.

Identifying the challenge is simple, but overcoming it can be difficult. Many organisations are investing in improving security (PWC recorded a 51% increase since 2012), and yet the number of breaches reported continues to rise.

What measures can organisations put in place to underpin their data security strategies and strengthen them against attacks? Here are five considerations:

Compliance is not enough - We are all aware that compliance, together with legislative and regulatory requirements and internal company policies, is mandatory in enterprises today. But compliance, legislation and policies alone are no longer enough to keep out potential cyber attacks.

Organisations must regularly revisit compliance requirements to make sure they are up to date. It is not a case of putting them in place and forgetting about them.

Put data protection at the heart of your information security model - Business infrastructure is exposed in this age of BYOD (Bring Your Own Device) and Cloud services, and the trend for both is only going to grow. A new approach is needed: protect the data before the infrastructure. With data and information at the core of the risk posed by challenges such as the Advanced Persistent Threat, organisations need to concentrate on protecting data first.

Security should be wall-to-wall – Consider the role your knowledge workers could have when it comes to protecting your data. Knowledge workers are the ‘eyes and ears’ of your organisation. Make sure they are kept in the loop, are regularly updated about current security threats, and know how to recognise and handle a potential threat quickly.

Guard what’s really valuable - Don’t try to ring-fence all your data. Instead, focus on the information that needs protecting the most. Your first goal should be making sure your high-risk areas are adequately protected. This is key to a risk-driven approach to security and data protection policies. External stakeholders can be a risk, but internal stakeholders can actually be a much bigger danger. Focus on core aspects of your strategy, such as access and privacy controls. Make sure everyone in the organisation understands your security and compliance policy, and review it regularly so that there is no risk that no one understands it.

Don’t overcomplicate things - Security needs to be simple and user friendly, but it must meet the requirements of the organisation to protect it from cyber attacks. Security training and qualification are essential to ensuring compliance and improving security on all levels. Some companies are using gaming technology, for example, to engage staff in taking on board security policies and practices.

Organisations must make sure they choose ‘best of breed’ systems and services to enable their security policies. Cyber threats are the stark reality of computing in the modern world, but protecting your organisation and its priceless data does not have to be complicated. It’s simply a case of selecting the best systems and services to enable your organisation’s policies.