Frontline IT Blog
Sony Hacked Again: How to Avoid a Giant Data Breach

By Sam Alapati

The Sony PlayStation data breach exposed users to the potential for identity theft and grabbed headlines worldwide. And Sony is just one of several large and seemingly invulnerable organizations to be hacked. Even the CIA has had its website hacked, and hackers associated with the notorious group Anonymous announced last week that they plan to destroy Facebook on November 5.

As a small company, without the resources or security power that these large players command, you might worry that you have no hope of keeping safe. In fact, there is no need to fear data breaches -- as long as you remain on top of data going in and out of your network.

Keep Current on Vendor Communications

Most small businesses rely on outside vendors for their network maintenance and storage. If you do, be sure you communicate regularly with your vendors, which could also mean following them on Twitter and subscribing to their newsletters, blogs and RSS feeds, as these are typical methods of communication when something does go wrong.

When choosing a vendor, be sure to ask how they will keep your data safe and what they will do in the event of a breach. Ask for data to back their statements up, and even ask to speak with current customers to get a sense of their own experiences.

Make Educating Employees a Priority

The main thing most small businesses need to do is educate their employees. Make sure no sensitive data is being sent or received through an unsecured connection -- for example, the local Starbucks. Smartphones create additional vulnerability should they be lost or stolen. Avoid saving data on them and be sure you have a way to automatically wipe them in case of theft. Have a clear and communicated policy for when a device is stolen that requires employees to notify IT immediately, which will limit the amount of damage that can be done.

Limit Downloads to the Office

Monitor what gets downloaded by requiring employees to download only when they are in the office. The best way to go about this is to develop a detailed security policy and let employees know why the policy is needed. The policy will need to be specific to your organization’s individual vulnerabilities and also constantly updated as the business changes. Controlling Internet usage and even limiting the websites that employees can visit is a simple way of safeguarding the network and should also be included in the security policy.

Also, if it’s possible, invest in efficient log management software that will help the network administrator proactively defend the network.

Keep up With Patches

Keep current with security patches to protect against known vulnerabilities. This is a simple but effective means of securing your network. Limit the employees who are granted administrator access; this will ensure that only those who are knowledgeable are making changes to the network. All of these steps combined will help you stay ahead of any threats.

Consider Other Strategies to Maximize Security

In light of the recent data breaches, companies are considering new strategies to gain added protection. You can try them too:

  • Use Encryption. The first and most important is to encrypt sensitive data relating to customers and the company.
  • Monitor access. The second most important is to audit data access to protect against insider threats.
  • Segregate responsibilities. Strict separation of duties, so that no one person or group of persons is authorized to perform multiple sensitive tasks, is yet another thing companies have been seriously considering.
  • Consider insurance. Risk transfer through insurance for controlling the damages from a potential data breach is another hot topic these days.
  • Shore up email. Since several of the well-known data breaches were made possible by email security breaches, everyone is now concerned about tightening email security.
  • Employ ID management. One of the strongest measures your company can undertake to protect itself against data breaches is a strong identity management system to control access to critical applications.

Among the biggest sources of data breaches are mobile devices and mobile applications. Balancing the need for customer ease of use and security is always tough, and companies are focusing on how to make mobile devices more secure -- without inconveniencing their users. Since the recent spate of security breaches, there has been increased interest in the encryption of sensitive data, which provides robust security of data even if someone breaches your system. Data breaches can occur through hackers penetrating systems or even when data backups are illegally accessed. Thus, encrypting data during its transmission as well as storage affords the greatest possible security.


Photo Credit: @iStockphoto.com/sydmsix






Sam Alapati is the senior technical director of Miro Consulting, which helps companies negotiate and manage Microsoft and Oracle licensing.

