
Data Protection Policies (M.M.O.) Removing the Means (Part 1)

Successful Data Protection Policies

One of the central tenets of a good Data Protection Strategy, and one you will hear from me over and again, is the continual removal of risk. Successful Data Protection Policies are those that are developed around your business. By understanding and continually minimising risk, we can create a flexible, progressive strategy to improve our security posture, often in small, simple, incremental steps.

In the previous blog we discussed the motives and motivations behind Cyber Crime. It is the aspect we have least control over, but to be able to create good data protection policies it is one we need to understand.

Whilst we can do little about motivations, the removal of the “means” is something that we can control. From the Cybercrime perspective this can be as simple as running regular malware scans and checking the results for infiltrations. Believe it or not, I often find that although customers have perfectly good Antivirus / Malware solutions in place, nobody monitors them.

Infections that go un-remediated are the means for many types of attack.

The important takeaway is that “un-monitored solutions are likely to make you vulnerable as they provide a false sense of security”.

Choose your Antivirus/Malware solution with ongoing management and reporting as a central requirement when you are buying. The ESET Remote Administrator is ideal for most businesses.


Another important way we can remove the “means” from our computer environment is to have a proper policy for administering software updates across all of your systems and devices. Cyber criminals look for known weaknesses in code and exploit them. Unpatched operating systems are more open to infection by malware, and hackers use known exploits to access your system. So this is something that is very much in your hands.

Once again, monitoring the status of updates across your whole network gives you an overview of whether this is happening effectively; the key is visibility. We can provide “Patch Management” systems that will give you a good overview and control, and it is highly recommended that you adopt one.

Yahoo, TalkTalk, Equifax, Sabre Hospitality and Uber are all recent victims of data breaches that happened as a result of known (avoidable) issues that were exploited and led to loss of customer data.

My message to you is this: unless you think you come into a category of specific interest to cybercriminals, do not worry about the unknowns, the unusual stuff. “Zero Day” exploits are reserved for specific targets of particular value; it is very unlikely you will be the target for one of these, as they are used against high-worth targets and against Nation States. The reason is that they are extremely valuable and are deployed only when the likely pay-off is commensurate, as by definition once they have been used they may become known.

Your data security policies should first look to monitor and prevent the more common breaches, using a risk-based model. We will continue our series of blogs, “Removing the Means”, with some insights on securing user accounts and password policy.