A data breach damages the confidentiality, integrity and availability of information. Your ability to avoid breaches rests on three pillars: people, processes and technology.
Read these top tips from Michael Krausz, author of Managing Information Security Breaches – Studies from real life.
1. Start with your staff
Promote an ethical environment for managing information security – starting from the top and promoting it throughout the company. This is likely to involve training or staff awareness programmes. Make sure you do background verification checks on new candidates, in accordance with local laws and ethics. This can include references, criminal record checks, and a general background check by a professional investigator.
Improving security training for employees is the best defence against cyber attacks. Find out more about our Security Awareness Programme >>
If an employment contract or agreement is terminated, you should ensure that all company assets are returned on time. These can include:
- Keys and access cards; and
- Credit cards.
Once an employee has left, it is essential that all access rights are removed promptly; there are endless stories about former employees still being able to access the network because of forgotten accounts.
2. Establish your security processes
You must approach this in two different ways:
- Establish a security process dealing with the identification of requirements, overseeing their implementation and testing their effectiveness.
- Change established processes to include security elements.
Within this approach, you’ll also need to look at conducting a risk assessment, which will include defining risk acceptance criteria (quantitative or qualitative) and deciding which risks are acceptable or not.
If you are a medium-sized to large company, you are expected to have the following technologies present:
- Intrusion prevention
- Switched networks
- Virus protection
- Spam filtering
- Log file consolidation
- System monitoring
- Single sign-on
- Data leakage prevention
Implementing ISO 27001
Implementing ISO 27001, the international cyber security standard, is one of the major – if not top – strategies for avoiding a data breach.
Implementing ISO 27001 will not only help you achieve effective cyber security and mitigate the threat of data breaches but will also provide a solid framework for supporting compliance with the General Data Protection Regulation (GDPR), because of its holistic focus on people, processes and technology.
Organisations can help build an information security management system (ISMS) aligned with ISO 27001 by using the No 3 Comprehensive ISO 27001 ISMS Toolkit.
This toolkit contains the official ISO 27000 standards, guidance, risk assessment software and all the documentation templates you will need throughout your ISO 27001 project. Find out more >>