Protecting your network and sensitive data isn't
easy. Network administrators use many
technologies and techniques to ensure that basic
security controls are in place:
- Install and
maintain firewalls at your perimeter as well as
connections to un-trusted network segments.
- Follow procedures to harden your servers,
workstations, and network components.
- Ensure updated anti-malware and anti-virus
systems are in place, protecting both
workstations and servers.
- Training procedures provide annual security
training for your staff as well as regular
security reminders.
- Formal patch management processes ensure
servers, workstations, firewalls, etc. are
patched and updated on a regular basis.
- Access controls restrict access to only the
minimum amount of information necessary for the
individual to perform their duties. Passwords
are changed on a regular basis and users are
logged out after a period of inactivity.
- Controls over third party service providers
are implemented and reviewed on a regular basis.
- A risk assessment and risk analysis is
performed on an annual basis.
- Annual security audits evaluate
administrative, technical, and physical
safeguards to ensure they are sufficient and
effective.
Hackers and unauthorized intruders use
creative ways to by-pass security systems and
gain access to data. Even with all of the
appropriate controls in place your organization
may still be at risk of a security breach.
Leading organizations use encryption to help
protect sensitive data from unauthorized access
and disclosure. Encrypting data may cause some
small response time delays. In many cases,
however, the impact of a hacker gaining access
to sensitive data far outweighs most
encryption-related performance issues.
Altius IT recommends the following
encryption-related steps be taken to protect
your data:
- Identify sensitive data. Include customer
data as well as intellectual property (e.g.
custom software code, proprietary information),
system log files, and other important
information.
- Prepare flowcharts and data flow diagrams that
identify data sources, transmission of data,
data storage, data backups and archiving, and
disposal of data.
- Ensure security controls are implemented to
protect the data.
- Encrypt your data using strong encryption.
- Protect your encryption keys so they can't be
obtained by unauthorized parties.
In addition to protecting information from
unauthorized access, using encryption may exempt
your organization from various state and federal
data breach notification laws.
Network
security audits help ensure sensitive data
is encrypted.
Security Blog menu
Tags: data breach | data encryption | breach notification | database encryption | data security
|