Securing stored data involves preventing unauthorized people from accessing it as well as preventing accidental or intentional destruction, infection or corruption of information. While data encryption is a popular topic, it is just one of many techniques and technologies that can be used to implement a tiered data-security strategy. Steps to secure data involve understanding applicable threats, aligning appropriate layers of defense and continual monitoring of activity logs taking action as needed.
Here's my list of 10 security best practice guidelines for businesses (in no particular order).
- Encrypt your data: Stored data, file systems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.
- Use digital certificates to sign all of your sites: Save your certificates to hardware devices such as routers or load balancers and not on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.
- Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.
- Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices facilitate security breaches coming into or leaving your network.
- Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, use SSL certificates with Extended Validation.
- Use a spam filter on email servers: Use a time-tested spam filter such as SpamAssassin to remove unwanted email from entering your users' inboxes and junk folders. Teach your users how to identify junk mail even if it's from a trusted source.
- Use a comprehensive endpoint security solution: Symantec suggests using a multi-layered product (theirs, of course) to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.
- Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan and remediate plan for your systems.
- Educate your users: The second most important BYOD (Bring Your Own Device) security defense: user awareness , "it might be the most important non-hardware, non-software solution available. An informed user is a user who behaves more responsibly and takes fewer risks with valuable company data, including email".
- Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other "over the network" attacks and attempts at security breaches.
Advanced defenses for advanced attacks
Block more threats and quickly mitigate those
that do breach your defenses with the industry’s first threat-focused NGFW. Cisco Firepower NGFW appliances combine proven network firewall with the
industry’s most effective next-gen IPS and advanced malware protection. All so
you can get more visibility, be more flexible, save more, and protect better.
Find the best next-generation firewall for you
ASA 5500-X with FirePOWER Services
Small business, branch office, enterprise
Firewall throughput from 256 Mbps to 15 Gbps
Threat inspection from 125 Mbps to 30 Gbps
Stateful firewall, AVC, NGIPS, AMP, URL
Firewall throughput from 256 Mbps to 15 Gbps
Threat inspection from 125 Mbps to 30 Gbps
Stateful firewall, AVC, NGIPS, AMP, URL
Firepower 4100 Series
Internet edge, high-performance environments
Firewall throughput from 20 Gbps to 60 Gbps
Threat inspection from 10 Gbps to 20 Gbps
Stateful firewall, AVC, NGIPS, AMP, URL
Firewall throughput from 20 Gbps to 60 Gbps
Threat inspection from 10 Gbps to 20 Gbps
Stateful firewall, AVC, NGIPS, AMP, URL
Firepower 9000 Series
Service provider, data center
Firewall throughput up to 225 Gbps
Threat inspection up to 90 Gbps
Firewall, AVC, NGIPS, AMP, URL, DDoS
Firewall throughput up to 225 Gbps
Threat inspection up to 90 Gbps
Firewall, AVC, NGIPS, AMP, URL, DDoS
Consult us any security concern that you may have in your business at info@liteglobal.com
