IMPLEMENT THESE 4 CRITICAL DATA PRIVACY COMPONENTS FOR SECURING YOUR STACK
By Scott Davis
Data privacy and security has become a critical requirement for organizations around the globe. Governments and industries are modernizing existing consumer protection and breach notification laws while establishing new standards of security.
The last 12 months have seen records shatter in not only the volume of successful data breaches but the average cost of a breach, as well. Ransomware with extortion has driven this increase as 17 different cyber-crime groups were using the business model at the end of 2020.
The Advancement of Technology, The Opportunity for Breaches
Technology has evolved tremendously since the 1980’s, yet most of the innovation has occurred since the creation of the cable modem and high-speed internet in the late 90’s. With billions of dollars invested into building faster and more robust networks both wired and wirelessly, the risk of data breaches grew.
The average internet speed in the United States broke 50 Mbps in 2019, meaning any user or criminal can transfer a gig of data in under 3 minutes. With speeds now capable of exceeding 2000 Mbps, a nefarious actor could, in theory, transfer a terabyte of data in under 2 hours to anywhere in the world.
The mobility of the modern workforce has introduced new issues for data privacy as home printers, smart phone cameras and high-capacity USB flash drives all enable end users the convenience to copy and manipulate data without security controls. In 2011, Kingston technologies found that, on average, 12,000 customer records were lost due to missing USB drives.
The Pandemic Increases Cybersecurity Risk
COVID-19 forced organizations globally to accelerate plans for cloud computing, often placing security as an afterthought. The expeditious deployment often meant misconfigurations and the lack of application of core security principals. Cyber-criminals have identified and taken advantage of these vulnerable data stores and have been transferring and extorting data at a record pace.
Data privacy can be more secure with the implementation of four critical components to your security stack:
- Change Tracking
Change Tracking is a core component that enables you to quickly identify what and when a configuration changed. Being able to track changes from yesterday to today or a year ago to now has numerous security and business benefits, including the ability to quickly see when a:
- User was added
- Firmware was upgraded
- License was changed
- Port forward was configured.
Not tracking the configuration changes of your core systems leaves your customers at risk.
- Updating Firmware
When was the last time you had a team member login to every network switch to find the firmware version? Chances are that if firmware versions are out of date on one switch, then you likely have other infrastructure that is also outdated and insecure. Every device with outdated firmware is a potential security risk and it can be time consuming to identify, document and upgrade all these devices.
- Monitoring User Privileges
Understanding what user accounts have privileged access and monitoring changes to user security groups like the one that gives access to the accounting drive are also critical to protecting data. Knowing who has access to what locally and in your cloud should be documented and monitored for changes—both legitimate and not.
- Establishing Actionable Alerts
Are you getting alerts, but they aren’t enough? Or is your team getting inundated with low value alerts that just seem like noise? Establishing good Actionable Alerting is crucial to the items above and more. Automated alerts notify your team when thresholds have been exceeded and so they can quickly take corrective action. Without alerting, everything is a manual process going system-by-system, tenant-by-tenant.
Securing data for your customers, partners and your business is a core requirement of doing business today. Liongard has been built to help you standardize that documentation, secure both you and your customers’ networks, and free up technician time as you’ve automated documentation and monitoring—so that you can focus on scaling your business.
If you’re not using Liongard today, sign up for a demo and see how Liongard can improve security and save expensive man-hours with automatic documentation and alerting.