Implement a strong employee joining and exit process: Revoke email and network access quickly when an employee leaves. Give new members of staff access only to the resources they need.
Educate staff: Ensure data is only accessible to staff on a need-to-know basis or push data to relevant people.
Avoid remedial action: Don’t plug holes with a point security product – implement systematic controls between the data not on the network or gateway.
Identify assets and information flows: Map intellectual property and the way it is accessed to help identify and prioritise your security approach.
Restrict the manipulation of data: Plan who needs access, print authorisation, data alteration and export rights to email, online messaging or removable devices. Apply restrictions to specific documents or content by time and location.
Watch the gatekeepers: Subject system administrators and privileged users to change management and critical server file integrity checks.
Don’t overlook the obvious: Block data export on removable data storage/transfer devices and scan outgoing email for confidential attachments. Restrict copy and paste for instant messaging and other social networking media.
Use encryption: Where you permit data export to removable media, ensure it is encrypted.
Use multi factor authentication: Always combine a password with secondary method of authentication, such as biometric readers.
Combine your security arsenal: Integrate physical biometric access systems, CCTV and even RFID, with virtual data network security systems to provide more effective evidence and protection against security breaches.
No comments:
Post a Comment