A data breach damages the confidentiality, availability or integrity of information; your ability to avoid breaches rests on three pillars: people, processes and technology.
Read these top tips from Michael Krausz, author of Managing Information Security Breaches – Studies from real life.
1. Start with your staff
Promote an ethical environment for managing information security – starting from the top and promoting it throughout the company. This is likely to involve training or staff awareness programmes. You’ll also want to make sure you do background verification checks on candidates for new jobs, in accordance with local laws and ethics. This can include references, criminal records checks, and a general background check by a professional investigator.
Another major point to address: when an employment contract or agreement is terminated, you should ensure that all company assets are returned on time. These can include:
- Keys and access cards
- Credit cards
Once an employee has left, it is essential that all access rights are removed promptly; there are endless stories about former employees still being able to access the network because of forgotten accounts.
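One way to catch such forgotten accounts is to reconcile the HR leaver list against a directory export on a schedule. The following is an added example, not code from the article or its author; the HR records, directory rows, grace period, staleness threshold and as-of date are all constructed assumptions.

```python
"""Leaver access reconciliation: flag accounts that should have been
disabled after an employee left, plus accounts nobody owns or uses."""
from datetime import date, timedelta

# Constructed sample HR leaver records: employee id -> leave date.
HR_LEAVERS = {
    "e101": date(2024, 3, 1),
    "e102": date(2024, 3, 15),
}

# Constructed sample directory export, one dict per account.
DIRECTORY = [
    {"account": "alice",   "employee_id": "e101", "enabled": True,  "last_logon": date(2024, 3, 20)},
    {"account": "bob",     "employee_id": "e102", "enabled": False, "last_logon": date(2024, 3, 10)},
    {"account": "carol",   "employee_id": "e103", "enabled": True,  "last_logon": date(2024, 4, 2)},
    {"account": "svc-old", "employee_id": None,   "enabled": True,  "last_logon": date(2023, 9, 1)},
]

TODAY = date(2024, 4, 10)   # assumed as-of date for the review run
GRACE = timedelta(days=1)   # assumption: access must be gone the day after leaving
STALE = timedelta(days=90)  # assumption: no logon in 90 days counts as "forgotten"


def find_forgotten_accounts(directory, leavers, today, grace=GRACE, stale=STALE):
    """Return sorted (reason, account) pairs for accounts needing review.

    Reasons:
      leaver-still-enabled  enabled account of someone who left before the grace deadline
      logon-after-leaving   account used after the owner's recorded leave date
      no-owner              enabled account with no employee linked to it
      stale                 enabled account with no logon inside the staleness window
    """
    findings = []
    for acct in directory:
        emp = acct["employee_id"]
        if emp in leavers:
            deadline = leavers[emp] + grace
            if acct["enabled"] and today > deadline:
                findings.append(("leaver-still-enabled", acct["account"]))
            if acct["last_logon"] > leavers[emp]:
                findings.append(("logon-after-leaving", acct["account"]))
        elif emp is None and acct["enabled"]:
            findings.append(("no-owner", acct["account"]))
        if acct["enabled"] and today - acct["last_logon"] > stale:
            findings.append(("stale", acct["account"]))
    return sorted(findings)


if __name__ == "__main__":
    for reason, account in find_forgotten_accounts(DIRECTORY, HR_LEAVERS, TODAY):
        print(f"{reason:22} {account}")
```

Run against real exports, the "logon-after-leaving" finding is the one to escalate first, since it shows the forgotten account was actually used.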
2. Establish your security processes
You must come at this from two different routes:
- Establish a security process dealing with the identification of requirements, overseeing their implementation and testing the effectiveness of measures.
- Change established processes to include security elements.
Within this approach, you’ll also need to conduct a risk assessment, which includes defining risk acceptance criteria (quantitative or qualitative) and deciding which risks are acceptable and which are not.
If you are a medium-sized to large company, you are expected to have the following technologies present:
- Intrusion prevention
- Switched networks
- Virus protection
- Spam filtering
- Log file consolidation
- System monitoring
- Single sign-on
- Data leakage prevention
Implementing ISO 27001
Implementing ISO 27001, the international cyber security standard, is one of the major – if not top – strategies for avoiding a data breach.
Not only will implementing ISO 27001 help you achieve effective cyber security and mitigate the threat of data breaches, it provides a solid framework for supporting compliance with the GDPR, because of its holistic focus on people, processes and technology.
Organisations can build an information security management system (ISMS) aligned to ISO 27001 by using the No 3 Comprehensive ISO 27001 ISMS Toolkit.
It contains the official ISO 27000 standards, guidance, risk assessment software and all the documentation templates you will need throughout your ISO 27001 project.
Book of the month
To help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.
This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.