A continuous flow of headline-making data breaches are forcing companies to take a new look at their security policies and make adjustments to keep up to date with the fast-moving threat landscape," says Alex Vovk, CEO and co-founder of Netwrix. "There is an important lesson to be learnt from these incidents," says Vovk. "Building internal security policies is not enough to guarantee data protection; businesses need to verify that the controls they have in place support organisational objectives and perform adequately in today's cyber environment."
Netwrix, the provider of change and configuration auditing software, suggests five simple steps to ensure that internal security policies will help overcome potential security vulnerabilities:
- Determine what the most critical data in your environment is. Storing less sensitive data on fewer systems will ease the process of maintaining security, but also minimise compliance costs and help pass audits smoothly. Decide which data is vital for your business and establish strict controls over the most critical systems.
- Use compliance standards to strengthen security. Detailed and well-structured compliance standards, such as PCI DSS, give organisations an idea how to enhance internal controls and eliminate the risk of data breaches. Even if you are not compliant, use these requirements as a guideline to improve existing security policies or build a new one.
- Take user activity under control. End-users who abuse their access privileges pose considerable threat to data integrity. Enable non-stop monitoring of user activity and keep an eye on accounts with extended privileges to eliminate the risk of data compromise.
- Make sure your employees are security savvy. The success or failure of internal controls is in the hands of your employees. Make sure every person in the company is aware about internal security policies and knows what to do in response to a data breach. Regular staff training will improve understanding of their roles and responsibilities in case of a violation.
- Avoid repeating the same mistakes. Systematic post-breach analysis is an essential practice that helps to close the gaps in IT infrastructure and strengthen overall security. Consider a security violation as a penetration test and thoroughly investigate each case to ensure that lessons are learnt.
"The biggest mistake companies make when they build internal policies is taking it as a do-once-and-forget activity, which gives them a false sense of security and increases the chance of being compromised," said Netwrix's Alex Vovk. "Since methods of hacker attacks have become more sophisticated than ever, it is absolutely essential to regularly review and update security policies to ensure that they are properly performed and help you stay ahead of adversaries; otherwise policies are completely useless in the fight against cybercrime."