Implementing a Data Security Program

The worrying number of hacks into big players in the publishing industry tells us that publishers and media companies are not immune to ransomware and malware attacks.

Let’s face it, the industry is vulnerable. Many publishing companies frequently move packets of high-value intellectual property over the internet. That level of activity evidently presents a lucrative target to the criminally-inclined mind. In addition, publishers collect data from consumers through social networks and online marketing which can leave both readers and publishers open to attacks if strong data security measures are not put in place.

Some examples include malicious or accidental misconfigurations, hijacking of user accounts caused by poor encryption, identity management, lack of process controls, and data leakage from insecure APIs. And the risk has been exacerbated by the work-from-home environment and a slow adoption of data protection software.

The industry is beginning to take this threat more seriously. This is not just to protect valuable assets and competitive advantage, but to comply with customer demands and emerging industry regulations such as CCPA, PCI DSS, and GDPR.

On-Premises or Cloud

The need to tighten data security applies regardless of whether a company’s data is stored on-premises or in the cloud. Most cloud platforms deliver the highest levels of security, data integrity, and backup/recovery facilities. This is because they make huge investments in technology, along with a critical mass of IT experts and engineers that publishers often cannot afford to provide by themselves. SaaS providers now handle much of the security for cloud applications, securing the platform, network, applications, operating system, and physical infrastructure.

User Level Breaches

Even though data security provided by the cloud provider may be strong, breaches can still be significant if publishers do not install strict processes and procedures at the user level. Gartner estimates that 95% of cloud security failures are the customer’s fault.

Most companies are alert enough to prohibit access from uncontrolled personal devices, but when data is stored in siloed systems across multiple apps, in a web of accounts, files and assets, it’s often very difficult to manage compliance. Left to themselves, end users will often change control file settings, create their own user groups, install third-party apps etc., and this often leads to ugly data-breach headlines.

To avoid security breaches, publishers must implement improved security processes. It’s easy to fall into the trap of solely providing developers and data users with permissions to any cloud resource and ignore the additional procedures that are necessary in the new environment. These processes need to be identified and installed from the beginning, or the business will be exposed to all manner of illegitimate access. Publishers must take the following steps:

  • Create secure procedures around data access
  • Utilize modern data encryption, and potentially
  • Take advantage of data protection software

Create Secure Procedures around Data Access

First define the specific data you want to protect. Personal Identifiable Information (PII) is clearly sensitive, covered by GDPR, for example. Company information such as financial data, contract details, HR, accounting, and billing all qualify, among others. You should identify where this information is stored, how it moves inside and outside your organization, and who has access to it.

Once this data inventory is complete, publishers can set specific protection mechanisms and necessary controls. The average company uses more cloud services than their IT departments are aware of, some of which are high-risk.

Publishers can deploy Cloud Access Security Brokers (CASB) to audit their networks for unauthorized cloud services and compromised accounts. Onboarding and offboarding procedures are often problems. Collaboration controls can detect granular permissions on files that are shared with other users, including users outside the organization who access the file through a web link. Employees may inadvertently or intentionally share confidential documents through email, internal collaborative software such as MS Teams, and cloud storage sites such as Dropbox.

Uncontrolled USB devices can easily become a threat and their use should be banned. Removable drives can lead to sensitive data loss due to their small size and pervasiveness. Note that USB-based threats are not limited to storage drives: any device that connects through a USB port, including phones and printers, presents a risk of data loss or intrusion.

Everyone inside the organization needs continuous training on cybersecurity principles, best practices to ensure the safety of sensitive data, and threat avoidance. This specifically includes educating employees on not clicking suspicious links, ensuring that the system, antivirus, and other applications are up-to-date, and not sending sensitive company information through insecure channels.

Data Encryption

Data encryption protects both stored data and data in transit to and from external applications. Sensitive data should be encrypted. In the case of cloud apps, this service may be provided by the cloud provider.

By encrypting computers’ hard drives, you can ensure that no matter how a device is booted up, users without a decryption key cannot access the contents. This is typically provided by the OS including Windows and macOS, for example. You may also use these tools to encrypt files and folders. If you must use removable devices, encryption will ensure that employees can take advantage of the convenience without jeopardizing company data.

Take Advantage of Data Protection Software

Antivirus software and firewalls are essential to guard against outsider attacks. However, publishers must also ensure that sensitive information is not lost or stolen through employees’ neglect or malice. Data Loss Prevention (DLP) software detects and prevents sensitive data from being downloaded to personal devices and blocks malware or hackers from attempting to access and download data.

Companies should ensure that end users do not gain access to more resources than they require for their jobs. A role-based Identity and Access Management solution (IAM) uses processes and user access policies to determine what files and applications a particular user can access.

Advanced malware prevention includes technologies such as behavioral analytics and real-time threat intelligence that can help detect and block attacks and malicious files that spread through cloud email and file sharing applications.

Contact knk Software today to learn how we can future-proof your system and revolutionize the way your business operates.

 

Photo by Creativeart on Freepik.