5 Rules For Keeping Your Company’s Data Safe

Rule 1: Have a clear inventory of what data is critical to your organization.

By creating an inventory of all the data retained and its purpose, a company can identify which pieces are necessary to its ongoing operations and which are not.

Rule 2: Create a “two-person rule” for your data and processes.

By making sure critical operations and data access are guarded through multiple authorities, each checking the validity and work of the other, you minimize the risk that a compromise of any one part or person in the system compromises everything.

Rule 3. Compartmentalize your data.

By making sure that the ability to view and work with data in an organization is aligned with job responsibilities and enforced technologically, you can make sure that any one failure of security is not a total failure of security for the organization.

Rule 4. Build your defense in depth.

By applying the same security principles a company applies to its public-facing servers to its internal systems: setting up firewalls, using encrypted communication, and requiring strong authentication methods.

Rule 5. Keep the keys to your kingdom offline.

By using storage devices that aren’t connected to the Internet, (i.e, encrypted USB keys or your long-term memory). Thus, if attackers get complete control over an organization’s computer network, stored secrets within the network will be inaccessible to them.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s