Five Steps to Make Security Policies Work
IRVINE, CA, June 9, 2015 – JP Morgan Chase, Sony Pictures, The Home Depot – these are only a few of many victims of cyber-crimes in 2014. This trend of “breachiness” continues to evolve in 2015 including more recent attacks on health insurance giants Premera Blue Cross and Anthem, and the last attack on Federal Government. These headline-making data breaches have driven many companies to take a fresh look at their security policies to ensure that they are keeping up to date with the fast-moving threat landscape.
There is an important lesson to be learned from these incidents: building internal security policies is not enough to guarantee data protection. Businesses need to verify that the controls they have in place support organizational objectives and adequately perform in today’s cyber environment. To help, Netwrix Corporation, the #1 provider of change and configuration auditing software, suggests the following best practices to ensure that internal security policies you are ready to overcome potential security vulnerabilities:
- Determine what is the most critical in your environment. Storing less sensitive data on fewer systems will not only ease the process of maintaining security, but will also minimize compliance costs and help you pass audits smoothly. Decide which data is vital for your business and establish strict control over the most critical systems that contain sensitive information.
- Use compliance standards to strengthen security. Detailed and well-structured compliance standards, such as PCI DSS, give organizations an idea how to enhance internal controls and eliminate the risk of data breaches. Even if you are not compliant, use these requirements as a guideline to improve your existing security policies or build a new one.
- Take user activity under control. End-users that abuse their access privileges pose considerable threat to data integrity. Enable non-stop monitoring of user activity and keep an eye on accounts with extended privileges to eliminate the risk of misbehaving and data compromise.
- Make sure your employees are security savvy. The success or failure of internal controls is in the hands of your employees. Make sure every person in the company is aware of internal security policies and knows what to do in response to a data breach. Regular staff trainings will improve understanding of their roles and responsibilities in case of a violation.
- Avoid repeating same mistakes. Systematic post-breach analysis is an essential practice that helps to close the gaps in IT infrastructure and strengthen overall security. Consider a security violation as a penetration testing and thoroughly investigate each case to ensure that the lesson is learned.
“The biggest mistake companies make when they build internal policies is taking it as a ‘do-once-and-forget activity,’ which gives them a false sense of security and increases the chances of being compromised,” said Alex Vovk,CEO and co-founder of Netwrix. “Since methods of hacker attacks have become more sophisticated than ever, it is absolutely essential to regularly review and update security policies to ensure that they are properly performed so that you can stay ahead of adversaries. Otherwise policies are completely useless in the fight against cybercrime.”
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when and where across the entire IT infrastructure. This strengthens security, streamlines compliance and optimizes operations. Founded in 2006, Netwrix is named to the Inc. 5000 list and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.