How to promote data security for your company

This is a guest article written by Daphne Stanford. The author’s views are entirely her own and may not reflect the views of IT Governance.

There are a number of keys to ensuring data security. Data breaches are some of the most preventable setbacks a company can experience, and there are a few common-sense preventive measures a company can take, preferably with the help of a data scientist and cybersecurity specialist. A combination of big data analytics knowledge and programming expertise will help ensure that your company is safeguarded against a security breach; this makes an in-house data scientist the ideal arrangement for most companies, regardless of size.

Common mistakes to avoid

First of all, it’s important to realize that “no nonprofit or business is too small for hackers to notice.”  This means that, regardless of your company’s size, you should implement a security plan that will ensure your business avoids a few common pitfalls that leave company data and valuable customer data vulnerable to attack.

There are various types of attacks, including advanced persistent threats (APTs), distributed denial of service (DDoS) attacks, inside attacks, malware, password attacks, and phishing.  More important to protecting your business, however, are a few common security mistakes to avoid in order to prevent a data breach.  The first, as already mentioned, is failing to plan for a breach or assuming you’re already protected via government insurance coverage or general liability insurance.  Another common error is failing to monitor ‘insiders’; apparently, insider fraud was responsible for losses of $3.7 trillion worldwide in 2014.

There are a number of simple, tangible errors that employees and managers alike can avoid in order to prevent data breaches: sharing passwords with others; leaving computers unattended outside the workplace; carrying unnecessary sensitive information on a laptop while traveling; using generic USB drives that aren’t encrypted; connecting personally owned mobile devices to your organization’s network; reusing the same username and password across different sites; and failing to delete information on your computer when it’s no longer needed.

How to secure your company’s data

Beyond taking the above basic precautions to avoid data security breaches at smaller companies, larger organizations need to take a few extra precautions.  Recently, Digital Guardian interviewed 24 data security experts on best practices for enterprise-level businesses.

Gunter Ollmann, CTO of NCC Group’s Domain Services, recommends encrypting any personal and confidential data at each access point and storing the keys to sensitive data in different locations. Ollmann also recommends creating a number of ‘false flag’ data repositories, or seeding your data storage systems with records that automatically alert your security team if they are accessed by anyone or any system within the organization, and regularly querying search engines for the unique seed data in order to identify public leaks.
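The seeded-record idea above can be sketched in code. This is an added example, not code from the article or from anyone it quotes; the key, the record fields and the access-log layout are all hypothetical, and the sample log lines and leaked text are constructed.

```python
import hashlib
import hmac
import re

SEED_KEY = b"constructed-demo-key"  # assumption: kept by the security team only

def make_seed_record(repo, n):
    """Build a fake customer row whose markers are unique and unguessable."""
    tag = hmac.new(SEED_KEY, f"{repo}:{n}".encode(), hashlib.sha256).hexdigest()[:12]
    return {"id": f"seed-{tag}", "email": f"canary.{tag}@example.invalid", "repo": repo}

def build_index(records):
    """Map every marker (record id and e-mail) back to its seed record."""
    return {r[k]: r for r in records for k in ("id", "email")}

# Hypothetical access-log layout: "<timestamp> user=<u> src=<ip> query=<text>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) query=(?P<query>.*)$")

def find_seed_access(log_lines, index):
    """Return one alert per log line that touches a seeded record."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable lines are skipped here; count them in production
        hit = next((rec for marker, rec in index.items() if marker in m["query"]), None)
        if hit:
            alerts.append({"ts": m["ts"], "user": m["user"], "src": m["src"],
                           "seed": hit["id"], "repo": hit["repo"]})
    return alerts

def find_public_leak(text, index):
    """Return ids of seed records whose markers appear in text found outside."""
    return sorted({rec["id"] for marker, rec in index.items() if marker in text})

def demo():
    seeds = [make_seed_record("crm", i) for i in range(2)]
    index = build_index(seeds)
    logs = [  # constructed sample lines
        "2024-05-01T09:00:00Z user=alice src=10.0.0.5 query=SELECT * FROM customers WHERE id='c-1001'",
        f"2024-05-01T09:02:11Z user=svc-report src=10.0.0.9 query=SELECT * FROM customers WHERE id='{seeds[0]['id']}'",
    ]
    paste = f"name,email\nJ. Doe,{seeds[1]['email']}\n"  # constructed search result
    return find_seed_access(logs, index), find_public_leak(paste, index)

if __name__ == "__main__":
    print(demo())
```

Because no legitimate process has a reason to read a seed record, any hit is worth investigating, and deriving the markers from a keyed hash lets the team regenerate the index without storing the seeds beside the data they protect.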

A few other concrete actions you can take to protect your business include conducting an inventory of potential data targets, developing a privacy policy, creating layers of security, and planning for data loss or theft. Moreover, your company should adopt a network security plan that includes the following steps:

  1. Secure internal network and Cloud services.
  2. Develop strong password policies.
  3. Secure and encrypt your company Wi-Fi connection.
  4. Encrypt sensitive company data.
  5. Regularly update all applications.
  6. Set safe web browsing rules.
  7. If remote access is enabled, make sure it is secure.
  8. Create a safe-use flash drive policy.

How an in-house data scientist can help

Incidentally, there are a number of different opportunities, in both the corporate world and various levels of government, to train for a career in cybersecurity. There are more cybersecurity-related jobs than people to fill them. According to Boston University, the Department of Homeland Security (DHS) is working with private industry, academia, and government “to develop and maintain an unrivaled, globally competitive cyber workforce.” Because of the ongoing shortage of qualified professionals, DHS is actively recruiting cybersecurity specialists to its National Cybersecurity and Communications Integration Center (NCCIC).

There is also a high demand for many ‘civilian’ careers in cybersecurity: job titles include computer crime investigator, cryptographer, forensics expert, network security engineer, and virus technician. Data security specialists are needed to analyze, interpret, and protect organizational data. Before they are able to prevent company losses, however, data scientists must first understand software architecture and be familiar with at least one core programming language.

In-house data scientists are valuable because they are able to work together with other departments to illustrate and explain their data sets in engaging, straightforward ways that address the concerns of all parties and perspectives. Explain how your in-house data expert helps your company in the comments below!