So, the first time I heard the following statement about organizational security it did get me thinking. Are we really to the point that a security breach is inevitable?
It’s no longer “if” it will happen, but how prepared your organization will be “when” it happens.
When you think about this you must think whether any organization ever be safe from a security breach? Is there any amount of security that can be implemented to create a 100% guarantee that corporate data will not ever be stolen? Can any security team ever say that all corporate data is safe?
For now, let’s hold on that question and discuss some of the things you can do to protect your organization.
Let’s Look some Steps you can take to Improve your Organizational Security
From my experiences, I have seen the approaches used for organizational security vary greatly depending on the organization. There are still some important actions that can have a positive impact on your overall organizational security. Let’s break it down.
Application Software Updates
Keeping up with application software updates alone can improve your organization security health by up to 80%. This number will vary depending on the process you use today, but that percentage of improvement shows how important this step is. From a software perspective, this includes everything from Windows updates, Microsoft Java, Adobe, and everything else you install that has routine update.
The unfortunate thing is that application updates come out with a level of frequency that can make this unachievable. So, choose an interval, create a testing process, and ensure that your applications are updated. I personally would recommend a minimum of updating monthly to ensure the best level of protection possible. VDI for workstation deployments can also simplify the software update process greatly.
Retire Old Legacy Systems
Retiring old legacy systems is easier said than done. It’s common to find that these old systems often need to stay around for legal and compliance reasons. Some industries are required to keep data for certain periods of time. In those cases, it’s important to keep them for data retention purposes. Alternatively, though they may be able to stay online through an isolated network, or other form of isolation that reduces the security risk to maintaining that data.
The other scenario that is important to seek out are those older legacy applications that run on an outdated operating system, because no one has ever sought out a replacement system. This is something that needs to be remediated ASAP. No one should ever have an old Windows XP system hiding under their desk, and if you still have NT 4.0 for that one special application well then it’s time for change. The security risk is too great to tolerate leaving these systems around.
Hire a 3rd party to try to Hack your Environment
Do not wait for a hacker to find a way into your network firewalls. Hire an “ethical hacker” to assist 1 – 2 times per year. They will not only find your vulnerabilities; you will get advice on how to remediate the problems they identified.
From there, be sure to remediate those issues to prevent a real security breach. Some organizations do not take the time to remediate, but this is the most important step. Don’t skip it!
Have Backups of Backups
By having a solid backup strategy in place can help you restore your business under even the worst security violation. For example, Cryptolocker encrypts data on network shares and even within your backups. Your backups need a backup too. Thankfully there are many ways to accomplish this today from replicating backup data to offsite disk, storing tapes offsite, and with cloud options your backup of data can go to the cloud.
Layered Protection Systems
Having only antivirus software on PCs and servers is no longer is enough to protect your organization from vulnerabilities. It’s hard to believe there was a time when this was the case. Modern security teams are ensuring that there is a solid intrusion detection system, and that there is endpoint recording to watch for anomalies on your devices. It doesn’t stop their either. Laptops are now routinely encrypted, and there are often multiple layers of email scanning in place. Security teams need to do all they can to stay ahead of the always changing security threats presented by external threats.
Preventing a Security Breach
So, can your organization ever be safe from vulnerability? After analyzing all of the requirements its a tall order to achieve. I believe that ever if it’s not 100% possible to be certain your organization will not be breached, your team can take a lot of steps on a routine basis that will ensure a more secure organization than you have today.
Security breaches are more common than ever, so it’s time to get started and put together a solid plan that will significantly reduce your security risk.