Proactive vs. Reactive
Data security: Is your business really protected?
Most homes and businesses have alarm systems to protect valuables from being stolen. If someone were to break in, the alarms would sound, triggering a procedure instilled to prevent the criminals from continuing to break in and stealing valuables. Ponder that scenario for minute.
What most business owners do not know is that data can be protected with the same philosophies of protecting equipment — virtually. It is imperative for businesses to consider the importance of their data and ask themselves: Why isn’t protecting that information a top priority?
To that end, when business owners are asked what is the most important element to the success and longevity of their business, besides the employees, most answer with operational aspects: inventory, processes and procedures, and clients. While these are all very important to a business, perhaps the most important component of a business’s longevity is the data and intellectual property. This is the information that businesses rely on for day-to-day tasks. Sensitive client information lists, pricing, procedures, accounting systems, you name it … just about everything is located within the data. At the end of the day, inventory and equipment can be replaced but virtual data cannot.
Protecting and Securing
Just like with a building’s security system, IT systems need to focus on preventing breaches and monitoring activity. In the case of prevention, IT departments can implement a DVR-type technology to show when an incident occurs with the ability to rewind to see where and how the breach occurred. The one area that is often missed is the logging and monitoring of the network. Most data breaches occur without anyone knowing because the systems are not actively setting alarms. So, with each moment that goes by, sensitive data is leaking out unknowingly.
Preventing is only as good as what is known. Just like the old saying goes, “it’s not a matter of IF you get compromised, it’s a matter of WHEN.” With that said, wouldn’t it be best to know exactly when an incident occurred so you can stop it immediately…not several months later?
Businesses should consider implementing a layered approach to security consisting of six essential security steps:
• Prevention – this is often unique to each business and industry that may have its own regulations and requirements that must be considered and ultimately implemented;
• Security Information and Event Management (SEIM);
• Asset Discovery;
• Vulnerability Assessment;
• Threat Detection; and
• Behavioral Monitoring.
Businesses should also have backup and disaster recovery solutions that include offsite storage. If the data is compromised in any way, a business needs to be able to restore from backup and keep things running. Many companies in the Gulf region make the mistake of only considering backups and disaster recovery plans during hurricane season. Businesses need to consider these important strategies at ALL times. A disaster can happen at any time.
Two months ago, a water-heater pipe burst at my own business location and the office flooded with over an inch of water. Fortunately, we did not need to rely on the system protections in place because we caught the flood prior to it reaching our equipment. Because we practice what we preach, the day the office flooded was a lot less stressful than if a good disaster recovery solution was not in place.
The Changing Landscape of IT Provider Relationships
It is now common practice for technology providers to only work with businesses if they agree to a solution before the providers perform any work. What good is a backup solution if you can’t see what it is doing? This can be achieved through monitoring and logging. Companies and their IT departments need to make sure they are receiving alerts and actively monitoring their systems for successful backups. They also need to ensure the data backup is in sync at an offsite location. Perhaps most importantly, a company should never assume everything is working properly.
Technology providers are often baffled that protecting a company’s data isn’t a business owner’s top priority. Every business should review both their security solutions and backup systems frequently. As the old addage goes, “knowing is half the battle.”
Clayton Mouney is the president of ThinkIT Solutions, a recognized leader in managed IT services that delivers high-end solutions. He oversees administration and daily operations for all facets of ThinkIT’s technical services business. During the last 14 years, Mr. Mouney spearheaded the development of ThinkIT’s key internal procedures and strategic operations.