Key security strategies for data breach prevention

If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies.

Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged in negative security cultures.

You can reinforce an existing security culture or bolster a lagging one with some of the same strategies.  The first strategy is to make the topic of security a common one.  Discuss risks in meetings and common decision-making situations.  Ensure that managers and knowledge workers are on the same page with risk, knowing how much risk is acceptable and how their decisions affect risk.  Employees also need to understand what it is they are trying to protect, such as customer information, trade secrets, or strategic business information.

Security awareness training can provide the skills and knowledge necessary to prevent data breaches and respond to those that happen.  It is also a crucial component of a security culture.  Security awareness training should be consistent and enacted for employees at all levels of the organization so that they can accurately recognize threats and understand their role in the response effort.  Since a large percentage of attacks target the human element in organizations, this training can equip employees with the skills to avoid such attacks.  Awareness training prepares employees for their role in incident response by teaching them about incident indicators and how to properly report an incident.

Incident response planning is also necessary to ensure that the response is performed correctly and in a timely manner.  An effective response can greatly minimize damages to both the organization and its customers.  Incident response plans should be regularly reviewed and updated, and those involved should participate in drills and exercises so that the response activities come naturally to them.

Leading all these efforts is a Chief Security Officer (CSO) or Chief Information Security Officer (CISO).  This individual should have the authority to interface at the highest levels of the organization to ensure that preparation and protections are placed appropriately throughout the organization.  Responsibility for security lies not only in IT but in the entire organization, from senior management to the factory floor; remote office workers to branch office managers; and from interns to HR.  They will also need a budget to perform these activities.

Choose your CSO or CISO wisely because they will be a driving force behind security initiatives.  They will need to be an effective communicator and leader with good vision and planning skills.  In a recent Modern Workplace webinar on cyber intelligence and data breaches, Vanessa Pegueros, DocuSign CISO, said that the CISO should have breach experience.  Breach situations are often high-stress, but the lessons learned are invaluable for a security leader.

Put the right strategies in place to bring about cultural change, increase awareness, refine and communicate incident response plans.  Then, equip a CSO or CISO with the authority, responsibility, and budget to make it all happen.

Special thanks to Microsoft Office, the sponsor of this article.  As always, all thoughts and opinions are my own.

Office 12

I was given a copy of Office 12 to try the other day. I plan to
compare it to Open Office.

The update on Open Office so far goes like this. Draw is not
impressive at all. I enjoyed using Writer and Calc. They feel almost
exactly like Word and Excel. I liked the ability to save documents as
PDF. One thing I find off is that there is a media player built into
the program. Why would I need a media player. Does it take so long
for me to run formulas that I will want to watch a movie?

Here is a few things on Office 12. Instead of the the older menu
interface Office 12 uses a new interface based on tabs that organize
sets of functions under headings such as "Write," "Page Layout," and
"Review". It will take some getting used to but this might turn out
to be more intuitive. Everything is XML based but the XML schema that
is used just works with MS apps. I really do not have much to say
yet because I have not had time with it yet. I will post updates.