Story image

Time for new security resolutions

27 Feb 15

There's no time like the present for customers to take a good look at their security says Mark Shaw, Symantec Pacific region technology strategist – security.  

With the new year in full swing, it’s a good time for organisations to cast a critical eye over their security processes, practices 
and technologies. 

Channel partners have an ideal opportunity to work with organisations to identify gaps and assess how to better protect the organisation and avoid them being the victim of a headline-making data breach.

To help partners provide the best recommendations to their customers, here are a few suggestions on habits to leave behind, and new habits to adopt.

Know where your data lives It’s 8pm on Thursday… do you know where your data is? Who can access it? Take the time to understand where sensitive data resides, who has access to it and where it is flowing to help identify the best policies and procedures to protect it. 

Remember, protection should focus first on the information – rather than the device or the data centre.

Think like an attacker As attackers plot their attacks, they typically look for the path of least resistance. Look at IT infrastructure from the attacker’s vantage point. Where is the most valuable data stored and backed up? What vulnerabilities could I exploit? What is the most economical way for me to perpetrate and profit from an attack?

Compromise is inevitable. Have a strong relationship with an incident response partner or better yet, have them on a retainer so they’re ready to go to help prevent your compromise from becoming a breach. 

Also, be prepared yourself. More and more companies are taking the added step of running end-to-end incident response drills to test how well the organisation can manage an incident. Remember that an incident response process will likely span multiple business units. It is no longer the sole domain of the IT security team or even the wider information technology group.

Add more layers of protection Protecting the endpoint using only the antivirus component of an endpoint protection technology has been insufficient for years. Using the entire feature set of these technologies is a critical component of a broader arsenal of advanced protection technologies to keep information safe. You can strengthen security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies. 

Educate employees Large-scale data breaches in recent years have continued to highlight that the weakest link in security is often human error. It’s critical employees understand what attacks look like and how to defend against them. Educate users about security threats and the damage they can cause – from password strength to phishing emails, to lost and stolen mobile devices.

Patch your environment on a regular basis Consider your patching frequency and whether this can be automated further. Also bear in mind that two-thirds of vulnerabilities identified are in third-party applications, so increase your patching scope beyond simply the OS. Software updates can include fixes to new vulnerabilities and exploited security gaps. 

Patch back end infrastructures, because it’s not just desktop software that can provide an opening, as last year’s Heartbleed vulnerability demonstrated.

Go beyond the device Tablets and smartphones have increased employee productivity and flexibility, but also introduce new and evolving vulnerabilities into the workplace. Many companies think device-level security is enough to prevent data leakage and breaches, but today’s mobile threats call for deeper protections that also safeguard apps and data. Rethink your BYOD policies to protect at the content, data and app level.  

IP theft: A global issue catching NZ businesses off guard
“We have this incredible record of innovation in New Zealand. But our innovative businesses haven’t always been meticulous in shoring up their IP."
Why A/NZ organisations need to improve compliance protocols
Only a mere 4% of IT decision makers and data managers surveyed said their organisation faced no data management challenges. 
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
BlackBerry buys out cybersecurity AI firm Cylance
“We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
Data protection is key to building customer trust
"New data compliance rules offer an opportunity for businesses to re-evaluate their processes and improve data management and customer loyalty."
NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."