Story image

Time for new security resolutions

27 Feb 15

There's no time like the present for customers to take a good look at their security says Mark Shaw, Symantec Pacific region technology strategist – security.  

With the new year in full swing, it’s a good time for organisations to cast a critical eye over their security processes, practices 
and technologies. 

Channel partners have an ideal opportunity to work with organisations to identify gaps and assess how to better protect the organisation and avoid them being the victim of a headline-making data breach.

To help partners provide the best recommendations to their customers, here are a few suggestions on habits to leave behind, and new habits to adopt.

Know where your data lives It’s 8pm on Thursday… do you know where your data is? Who can access it? Take the time to understand where sensitive data resides, who has access to it and where it is flowing to help identify the best policies and procedures to protect it. 

Remember, protection should focus first on the information – rather than the device or the data centre.

Think like an attacker As attackers plot their attacks, they typically look for the path of least resistance. Look at IT infrastructure from the attacker’s vantage point. Where is the most valuable data stored and backed up? What vulnerabilities could I exploit? What is the most economical way for me to perpetrate and profit from an attack?

Compromise is inevitable. Have a strong relationship with an incident response partner or better yet, have them on a retainer so they’re ready to go to help prevent your compromise from becoming a breach. 

Also, be prepared yourself. More and more companies are taking the added step of running end-to-end incident response drills to test how well the organisation can manage an incident. Remember that an incident response process will likely span multiple business units. It is no longer the sole domain of the IT security team or even the wider information technology group.

Add more layers of protection Protecting the endpoint using only the antivirus component of an endpoint protection technology has been insufficient for years. Using the entire feature set of these technologies is a critical component of a broader arsenal of advanced protection technologies to keep information safe. You can strengthen security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies. 

Educate employees Large-scale data breaches in recent years have continued to highlight that the weakest link in security is often human error. It’s critical employees understand what attacks look like and how to defend against them. Educate users about security threats and the damage they can cause – from password strength to phishing emails, to lost and stolen mobile devices.

Patch your environment on a regular basis Consider your patching frequency and whether this can be automated further. Also bear in mind that two-thirds of vulnerabilities identified are in third-party applications, so increase your patching scope beyond simply the OS. Software updates can include fixes to new vulnerabilities and exploited security gaps. 

Patch back end infrastructures, because it’s not just desktop software that can provide an opening, as last year’s Heartbleed vulnerability demonstrated.

Go beyond the device Tablets and smartphones have increased employee productivity and flexibility, but also introduce new and evolving vulnerabilities into the workplace. Many companies think device-level security is enough to prevent data leakage and breaches, but today’s mobile threats call for deeper protections that also safeguard apps and data. Rethink your BYOD policies to protect at the content, data and app level.  

DigiPlex’s data centre heat reuse system wins award
Its solution to reuse heat to warm thousands of local homes took out the accolade at the recent 2018 Energy Awards.
STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.