5 Ways To Reinforce Your Data Security Model For An Insecure Cyber World

Cyber World

In a constantly evolving cyber-environment where the risks are increasing daily, organisations are under mounting pressure to ensure their data security regimes are capable of protecting them against external and internal threats. But what measures can they put in place to buttress their data security regimes and make them more resilient? Here are five key points organisations should bear in mind when examining their data security model:

1. Don’t Rely On Compliance Policy Alone

Compliance with legislative and regulatory requirements and internal company policies is mandatory in today’s organisations. Failures can lead to significant career and financial penalties. But compliance with legislation and policies designed to improve security may not be sufficient if the policies are not kept up to date to address growing cyber threats. Organisations should regularly review compliance requirements to make sure they are current.

2. Focus On Protecting Data Before Infrastructure

Infrastructure is highly vulnerable in the age of BYOD (Bring Your Own Device). With data and information at the core of invasion risk from such challenges as the Advanced Persistent Threat, organisations need to concentrate on protecting data before infrastructure. Where sensitive and secure data is at stake, companies need to implement a user interface that is highly functional, intuitive and easy to learn. It should provide utmost control in managing sensitive data for insiders and collaborating organisations. The implementation of data classification standards should also be considered to improve the protection of sensitive information.

3. Security Is Ubiquitous

Knowledge workers are everywhere, their eyes and ears can provide a high degree of security protection. Organisations must ensure knowledge workers are aware of current threats and are able to recognise risky situations quickly. End-users are also partners and providers, particularly in the emerging era of cloud computing. Provider shielding is a necessity to ensure the provider cannot access the information located within customer data once encryption is set for their application and use. A provider can still add value in helping clients to build a private cloud without being privy to its content.

4. “He Who Guards Everything, Guards Nothing

While the expression was coined by Frederick the Great of Prussia, it is still relevant in a data security context where leadership needs to think effectively about what needs the most protection. The initial focus should be on highest risk areas with action be taken there first instead of trying to safeguard everything. This is a key requirement for risk-driven approaches to security and data protection policies. External stakeholders pose risk, but internal stakeholders can pose an even greater danger. Organisations should focus on areas such as access and privacy controls and instil security policy and compliance from the inside out. If they guard with targeted precision, their protection will be stronger.

5. Security Should Be Simple, But Not Any Simpler

As Einstein said: “Things should be made as simple as possible, but not any simpler.” Security should be as simple and user friendly as possible, but still adequate to meet the needs of the organisation. To ensure compliance and improve security, security training and qualification should be easy-to- execute. The quality of training is essential as employees will frequently fail to read a security policy or not have the time to do so. Some leading organisations are using gaming technology in their security training to help engage staff members with security policies and practices.

Security product and service firms are also starting to focus on effective interfaces and performance levels in their designs. Organisations should select the best systems and services to enable their policies. In some cases, it could be as easy to be secure as it is to send a file. All it takes is one click.

Mark Edge, VP of Sales and Country Manager UK, Brainloop AG_Smaller copy

Mark Edge joined Brainloop in September 2014 and brings over 20 years of sales experience in the IT, security and networking industries. In his current role he is responsible for building out Brainloop’s UK team and driving the company’s growth across the region. Prior to joining Brainloop, Mark was Regional Vice President of Sales, UK and EMEA for Watchdox where he was instrumental in establishing what was then a little-known brand in the region, creating and building a pan-EMEA team. Mark’s career has also seen him deliver senior sales roles for a number of blue chip technology companies including IBM, A10 Networks where he grew revenue year on year for three consecutive years and Citrix, where he ran application networking solutions sales for North America and EMEA. Mark has a degree in Economics and Russian from the University of Surrey. As well as speaking Russian, Mark can also speak in French, Dutch and Swedish.