Menu

How do we protect digital assets?

In today’s digital age, it is essential to secure data against unauthorized access, manipulation or deletion. This requires the implementation of security measures for both the transport and storage of data. Good examples are measures such as encryption, zero-trust principles, as well as taking end-of-life measures such as careful disposal of information. In addition, it is crucial to protect systems from the growing threat of ransomware attacks. In this blog, we discuss the principles around securing data through isolation, zero-trust to offline backups. This blog offers insight into how organizations can implement a comprehensive data security framework.

Benefits of data security

Ensuring data security is essential to prevent sensitive information from falling into unauthorized hands and to protect against potential threats such as hackers or malware. Ensuring that data can be restored quickly in case of failures or outages increases resilience. The unavailability of data due to, for example, a virus attack or server failure can have a huge impact on the organization’s core processes By making regular backups and storing them in a secure location, access to crucial data can be quickly restored even if the original data is lost. It is also important to secure old or reused storage media to prevent sensitive information from falling into the wrong hands, even after disposal.

Best practices for protecting your digital assets

  • Identify risks: It is essential to ensure effective data protection by identifying risks and implementing appropriate security measures. Start by taking stock of the data present, storage locations and sensitivity of the data. Centralize data where possible and avoid storing redundant information. If replication or caching of data takes place, make sure all copies are adequately protected. Distributed data, such as files on user desktops, can be harder to manage and easier for attackers to find.
  • Secure, encrypted and authenticated access for data security: Guarantee proper protection of data in transit by using secure, encrypted and authenticated access. By applying zero-trust principles, each access request is verified and the action to be taken is determined based on the content of the information. By centralizing access policies, network security and authentication, you reduce the attack surface and thus the risk. Even if information is stored, it should be secured. Use file encryption and Information Rights Management (IRM), to secure the most critical data. Make sure this happens at all sites (On-Prem, Cloud or SaaS).
  • Standardized cryptographic algorithms for data security: For effective data protection, it is crucial to use current standardized cryptographic algorithms. Old or non-standardized algorithms offer less protection and may provide a false sense of security. Ensure that certificates and keys are protected against unauthorized access.
  • Define data security interfaces: Develop data security interfaces that allow access to sensitive information and expose only the necessary functionality to minimize the risk of misuse by attackers. Limit access to bulk datasets and only allow users to perform arbitrary queries on sensitive datasets if there is a legitimate business need and this is carefully controlled.
  • Provide a central security solution: In today’s landscape where organizations use many different platforms and where location-independent working has become the standard, measures must also evolve with them. It therefore makes sense to arrange information accessibility through a centralized solution, allowing security and access policies to be harmonized across all platforms.

Best practices for effective data backups

Besides securing the legitimate use of information, it is also necessary to protect data through backups. A backup is a backup copy of the information on an independent medium. Taking snapshots is a nice mechanism to quickly restore information, but it differs from backup in that there is dependence on the source data. A solid data backup strategy is an essential risk mitigation measure.

  1. Identify critical data for business operations and make sure it is backed up regularly. Both of business data and of all configuration data needed for the optimal operation of business systems.
  2. Store multiple copies of important files in different locations. Provide at least 3 copies of the data spread across 2 different devices, with at least 1 copy kept in a remote location.
  3. Keep an offline backup separate from the internal network or use a specially designed cloud service. Restrict access to credentials and servers used for backups to prevent attackers from targeting the backups.
  4. Keep backups over a period of time instead of just one recent backup. This provides extra protection in cases where a virus or system damage goes undetected until the backup is overwritten.
  5. Test backups regularly to ensure they are effective and reliable. Make sure you are familiar with the process of restoring files from a backup before this is actually needed.
  6. Minimize the risk of reinfection when restoring data from backups by reinstalling executables from trusted sources, rather than restoring them directly from the backup. Make sure operating systems and application software are up-to-date on the target systems and scan files with up-to-date anti-virus software before restoring.

Reuse, disposal and destruction of storage media: sound policy and practical implementation

It is crucial to have sound policies in place for the proper handling of data and data no longer in use. This policy should cover the reuse, repair, disposal and destruction of all storage media and devices capable of storing data, including peripherals. Ensure that unnecessary data and records are securely and permanently deleted. Failure to sanitize storage media increases the risk of data breaches, which can result in damage to the organisation. When buying equipment, it is essential to consider the costs and effort involved in rehabilitating storage devices and/or media when they are no longer needed. In some cases, destruction is the only option. Remember to remove any labels or markings referring to the nature of the data before destroying the device. It is important to regularly check and test the procedures and equipment for decontamination and destruction to ensure they are effective and comply with applicable laws and regulations.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!

Bellen
Mailen