Your data is one of your most valuable assets, which makes data privacy and security integral to your company’s short- and long-term success.
Cybersecurity threats increase every year. Even though 2020 was noted as the worst year ever by the United States Justice Department, cyber crime increased dramatically in 2021, and it’s not expected to slow down any time soon. Along an increase in the total number of crimes, ransom dollar amount requests have increased by over 200 percent, with some businesses being asked to pay tens of millions of dollars. Your data security depends on your ability to not only mitigate the risks of cybersecurity threats but also implement a strong backup and recovery plan for when an attack occurs, which, despite the most effective prevention efforts, may happen. Let’s examine what data security is and how you can secure your data from the constant threat of cyber crime, as well as from bad actors inside your company and from basic human error.
What is data security?
Understanding how to secure your data starts with understanding what it is you’re trying to secure your data from. Cyber crime is big business and your data is a hot commodity. Hackers look for vulnerabilities and use them to install ransomware—and while the software and infiltration methods have gotten more complex and the dollar amounts higher, the overall scheme hasn’t changed—encrypt your data and hold it hostage until you pay a ransom. Data security is a broad topic—the protection of your data throughout its entire existence—and that includes (among other things) the security of your hardware and software, access and use policies, as well as backup and recovery.
A strong data security plan begins with knowing your data, creating policies on data handling and access, and developing strong procedures to minimize risk from cyber criminals, malicious insiders, and simple human errors. Security can include encryption, masking, the actual physical security of where your data is housed, as well as the creation and implementation of policies and in-depth employee training.
While we can’t cover every aspect of data security, let’s get started with a few basic data privacy and security tips you can use to protect your data and your business in 2022.
3 basic prevention tips
1. Passwords are a key target for hackers. In May of 2021, all it took was one compromised password take Colonial Pipeline offline, causing fuel shortages and an increase in fuel prices, as well as costing Colonial Pipeline a $4.4 million ransom payment. Ensure your employees keep their passwords long and strong and restrict the use of previous passwords or passwords they use for anything else. Include password training in onboarding and enforce periodic password resets. Consider investing in electronic password mangers, which will encourage your employees to create more randomized and complex passwords (because they don’t have to remember them) and discourage them from writing their passwords down where they might be found.
- Always use the Principle of Least Privilege and only give Administrator privileges to those who truly need it. Installation of unapproved software and individuals with Admin privileges accessing unsecured websites are two of the most common ways malware and ransomware are introduced into a network.
- Create, implement, and enforce a sensible Bring-Your-Own-Device (BYOD) policy that clearly delineates what data can and cannot be accessed by or copied to a personal device (including removable storage devices). And make sure those that any personal devices being used for work have the same security standards as internal devices. That policy should also cover removable storage devices—like USB drives. Consider requiring encryption of all data copied to any device.
3 ways Rubrik can help
- Minimize risk. Implement thoughtful and logical tiered classification policies for your data that lay out exactly how different types of data should be handled and by whom. That starts with knowing your data. Rubrik Sensitive Data Discovery discovers, classifies, and reports on the types, locations, and usage of sensitive data. This allows you to identify what sensitive data may be lurking in your unstructured data, allowing you to ensure your data-handling policies are effective. In the case of data exfiltration, it can also help identify the potential data exposure, leading to a more informed recovery response.
- Backup and recovery. Frequent backups lead to swift recoveries from data exfiltration. Automated backups make that even easier. Rubrik lets you select your backup frequency and retention ensuring shorter RTOs with confidence with their backup and recovery software.
- Zero trust data solutions. Zero Trust Data Security™ is exactly what it sounds like. It’s based on the premise that no one and no device (or application) is trustworthy. Rubrik ensures data is immutable so that it can never be modified, encrypted, or deleted by ransomware.
FAQs
What does it mean to protect your data?
Protecting your data is an ongoing mixture of prevention and planning for recovery. Creating strong and realistic data handling policies for your organization, monitoring data access, ensuring frequent backups, encryption, and strong plans to quickly recover data if an attack occurs all go into making sure you’re protecting your most valuable and sensitive data.
Why do we need to protect data?
Ransomware poses financial, safety, and reputational risks. Beyond the ransom itself, cyber attacks can cause significant business disruption to complete business shutdown for hours or even weeks or months. Financial losses due to business disruption can be devastating, but the reputational risks are just as high—as are the legal risks if you’re dealing with particularly sensitive and/or legally protected data.
What are the types of data protection?
A strong data security plan incorporates multiple aspects, including policies that strictly govern how data is handled and accessed and incorporate the use of encryption, particularly if data is being copied from device to device. Automated immutable backups can protect your data by ensuring an easy recovery if an attack occurs. Employing zero-trust data solutions keeps you protected and resilient.
Baburajan Kizhakedath
