It could be argued that data security today is the primary driver for all other cyber security requirements in organisations, but many organisations do not know how to tackle the problem they face.
The first step in devising a strategy around data security is to understand the data that you hold, identify data that is particularly sensitive, identify data that you do not need to store or can be archived, and assess the potential risks associated with that data – this should have been achieved as part of the risk management step.
Once you understand the risks posed you can begin to implement appropriate controls to protect the data at rest by implementing access control, encryption, or digital rights management for example. Transmission of data must also be considered, how will you ensure the data is only accessible by the intended recipients, digital rights management can help here as well, alternatively controlling the network paths the data will traverse by use of VPN’s may be an option.
Want to know more about your Cyber Security posture?
Solutions that can help your business with Data Security
Data Loss Prevention
Data Loss Prevention technologies can also be used to ensure data and information is classified correctly are and that data that should not leave your systems does not leave your systems, be that accidentally or intentionally.
Encrypting and sanitising removable media is another consideration if you allow your users to utilise it.
Information Classification
Identifying your most sensitive data will allow you to prioritise the levels of control you wish to apply to protect it. Using solutions such as SecurEnvoy Data Discovery, Classification, and Protection or Microsoft Purview you can discover the data that is most important to you, classify it and protect it from unauthorised access or release.
As a minimum, MFA should be enabled for any privileged accounts as standard, however enabling for users also has its benefits, and the MFA solutions now are easy to implement and educate users on their use.
Zero trust
Adoption of a zero-trust model is an invaluable tool to effectively control the flow of data within your environment. A Zero trust approach can revolutionise your system and data security, by assuming that no-one or no device should be allowed access until their identity has been established via multiple factors almost guarantees your data is protected from unauthorised access.
There are a number of different approaches to achieve a zero-trust approach, Sophos Zero-Trust approaches it from a network perspective in a similar way to Cisco Meraki by establishing the pedigree of a device prior to allowing it access to resources, Microsoft uses it’s vast eco-system and cloud presence to apply controls to individual files and leverage telemetry from it’s other solutions such as Active directory and Endpoint Manager to determine whether access should be granted.
Email Security
Email security is one of the somewhat-simpler elements which again has been around for a long time – since junk email became a thing – but this technology too has undergone quite radical transformation from what it once was. There are a number of different approaches taken by different vendors and each work well on their own. Microsoft Defender for Office 365, Mimecast and Sophos Web Security for example take similar approaches to how they function by looking at content and known junk senders to block content.
Forcepoint however have adopted a different approach alongside the traditional email filtering you would expect with their Content Disarm and Reconstruct (CDR) solution by electing to assume every email is malicious and to dynamically strip - and rebuild web links with sandboxed links - every single email; making it almost impossible for malicious links to make it through to an inbox intact.
Secure File Sharing
As much as we would like our data to remain safely behind out security measures, collaboration and file sharing are essential components of any organisations operation. The ability to conduct these activities in a secure and controlled manner is paramount. There are any number of solutions available to provide this facility, some of the more common ones being OneDrive for Business, Microsoft SharePoint, Egress Collaboration and File Sharing.
Need advice, support or more information?
At Chess, we have a dedicated team of Cyber Security specialists and are backed by our award-winning vendors with decades of experience in most deployment scenarios. If you would like to discuss your cyber security needs, please book your free consultation.