When considering a cyber security strategy, think in terms of creating concentric rings around your most important assets. Your first task is to determine your most important assets and then categorize them in terms of risk.
Here are some examples of information assets you may want to include:
- Employee HR information
- Health benefits information
- Social security numbers
- Business financial documents
- Customer lists
- Customer confidential information
- Much more…
Your ability to protect employee and customer information is bound by many regulations and records-compliance requirements. A breach compromising these assets would not only damage your brand reputation but could also lead to legal battles, loss of business or complete business failure.
The idea of concentric rings as a cyber security strategy is very simple: guard your assets against accidental loss or destruction and against nefarious actions by outsiders or even someone within your organization.
Backup, Threat Protection and Monitoring
A good backup protocol can eliminate accidental loss or destruction of your most critical data. Having a strong high-availability and disaster recovery process can guard against downtime.
Next, implementing data loss prevention (DLP) is a good way to make sure your highest risk (your employees) is not exfiltrating data from your business. DLP can provide your organization with policies on access controls for viewing, editing, printing, downloading, and emailing various documents and files. In effect, you are implementing total control over your proprietary information.
Create another ring of security in the form of threat protection for your email and endpoints. This is a great way to add a meaningful layer of security, enabling you to catch anomalous activity before it wreaks havoc in your environment.
Implement a full-environment monitoring service to add that final ring. This is protection from the edge all the way to your internal systems, allowing for full visibility of all activity from all sources. Whether activity slips through endpoint protection via an employee's social media activity, a click on a malicious link, or a compromised thumb drive being loaded, your monitoring service is watching 24x7x365 to make sure you’re protected.
Remember, there is no silver bullet to cyber security. The best you can do is to protect your company on many different layers and be diligent about your employees adhering to a policy of protections.
Stay safe out there! – Lynn Shourds, Vice President of Sales at NexusTek