Astrid
Wolff

10 essential steps to ensure enterprise data security

Astrid Wolff

Nov 30, 2021

9 min read

 

There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.

-James Scott, Institute for Critical Infrastructure Technology

Businesses have been migrating to the cloud, and the fears it entails are not unforeseen. Unfortunately, being busy buckling themselves up to face cyber threats and taking steps to raise awareness, many of them fail to recognize security risks prevailing right under their noses: those created by their own personnel. As per the 2020 Data Exposure report, over 63% of employees admit taking corporate data with them while moving onto a new job. Although over half (51%) of the workforce know the dangers of carrying away corporate data, 87% of employers fail to ensure enterprise data security.

When a departing employee moves out with corporate data, the consequences range from significant financial harm to the company going out of business.
For example, Cisco had to spend $1.4 million to repair their cloud infrastructure after a former employee deployed malicious code into their system. The company also had to pay off $1 million as compensation to its users.
Another example is a former DuPont engineer who handed over sensitive and proprietary information to a Korean competitor on his termination. As a result, DuPont lost millions.

So, it is up to IT and HR to ensure that nothing but the employee alone leaves the front door. Limiting employee access to sensitive corporate data and adopting necessary authentication mechanisms are some of the basic precautions deployed by most enterprises that run cyber.

But are these measures worth enough to ensure enterprise data security? Obviously not! This blog will take you through 10 essential steps that corporates must adopt to avoid being robbed of what is rightfully theirs.

1. Filtering what comes inside

As the phrase goes, “A business is only as effective as its people,” so the onboarding process within a company must be streamlined to guarantee a productive workforce. After clearing the background check, employees are usually required to sign additional contracts, one of which is the ‘Confidentiality Agreement.’ Such commitments, as well as the responsibilities they agree to undertake, must be made known to them.

Hackers say that the quickest way to breach a company’s security control is through an employee.

With a shift in momentum to remote work, employees now have a more significant role to play in enterprise data security. As a result, security-based orientation classes covering information on devices, networks and resources that can and cannot be used to access corporate data are a necessity.

2. Right access to the right resources

An employee steals corporate data files
Ensure that the right person gets the right access to the right resources
 

Identity and Access Management (IAM) sums it all. IAM is a framework of policies and technologies to ensure that the right users have appropriate access to resources to get their work done. While there are dedicated IAM tools like Oracle Identity Cloud Service, Okta and BetterCloud support automated onboarding as a feature to ensure that employees gain access to the appropriate files the moment they step into the company. Additionally, sharing confidential data or adding unwarranted super-admins by an employee with elevated access alerts the IT.

It would be ideal to not let employees act as individual administrators.

Employees who are administrators of their company-owned devices might install applications bringing in malware, ransomware or any other threat, thereby corrupting the corporate network.

3. Staying up-to-date

‘Your device is out of date. Restart device …………… Remind me later’.

Quite familiar with clicking on ‘remind me later’ the umpteenth time? Ever wondered why your device is quite insistent on updating your OS?

Device attacked by ransomware
Ransomware does not steal your data; rather, it prevents you from accessing it
 

The WannaCry Ransomware attack of 2017 was a global cyber-attack that targeted Microsoft Windows operating systems. Even though Microsoft had released patches, WannaCry proved to be a nightmare for those organizations that weren’t using these patches or hadn’t updated their OS.

Outdated OS has proven to be yet another golden door for hackers. Though the phrase ‘Update your device’ might pop up at inconvenient times, ignoring it can expose us to cybersecurity threats. OS and app updates bring with it more than just new features. They come with solutions to repair security loopholes, remove bugs, improve performance and ensure compatibility.

4. Content Archiving

The amount of data generated within the healthcare, logistics or other business sector is unfathomable. Now imagine hunting for that ‘one particular file’ among the dozens that clog up your primary storage space. Since not every piece of information needs to be accessible to every employee 24/7, content archiving can be opted to prevent the chaos of stashing files on your primary storage. It isn’t just about relieving your storage space; content archiving promises streamlined search and effective recovery in the event of file deletions. While email archiving is a time-honored practice, currently, enterprise contents like social media posts, blogs, infographics and white papers are also archived.

Always have a backup plan!

Though archiving is a kingpin in our efforts to protect data, it is not a substitute for backup. Instead, both of these are best practices corporates must employ to ensure enterprise data security.

5. Enterprise Content Management (ECM)

Gone are the days when different processes had to be handled by different tools. ECM doesn’t refer to a particular technology or product; instead, it’s an umbrella term describing the combination of methods, tools and strategies that manage, store, archive and delivers information to the right people at the right time. Furthermore, ECM doesn’t discriminate between structured (databases, code repositories) and unstructured content (Office documents, emails, PDFs). With a sudden shift to remote work and with content generation at its peak, ECM proves handy by retaining what’s necessary and removing duplicates.

Automated workflows, disaster recovery planning, document scanning, integrations and user access controls- a good ECM software covers it all.

Some of the ECM software products recognized as leaders by Gartner are Box and OpenText.

6. Virtual Desktop Infrastructure (VDI)

Virtual desktops are preconfigured images of operating systems and applications in which the desktop environment is separated from the physical device used to access it.

Though virtual desktops have been in the game for over a decade, 2021 is being billed as the year of virtual desktops. Despite the fact that many businesses fear adopting virtual desktops, VDI does boast of many advantages like ensuring workplace flexibility, cost-effectiveness and centralized troubleshooting. One of the most tempting characteristics of VDI is the inability to exfiltrate data into a USB or hard drive as it isn’t stored locally, protecting corporate data from ex-employees. Citrix, Dell, Microsoft and VMware are some of the key players in the virtual desktop infrastructure market.

7. Encrypting top secrets

An 'access denied' screen pops up in the screen of a hacker
Encrypting your files is the first basic step towards protection
 

Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94% of organizations have experienced insider data breaches in the last year. Among the many contributing reasons, 28% of IT leaders state malicious insiders as their top concern’.Being aware of these harsh figures, companies have begun to invest in enterprise data security techniques. Encryption has emerged as a powerful tool in the data security arsenal.

What is device encryption and why do you need it?

Encryption is all about converting plain text into ciphertext, making things way more difficult for hackers. So be it a misplaced or assaulted device, encryption comes to the rescue. Only a decryption key can help decrypt the ciphertext.

Encrypt the crown jewels!

If you belong to an industry that hasn’t yet started out with encryption, take the first step of encrypting the assets that could be a game-changer if fallen into the wrong hands. Identify valuable data and provide the strongest defense.

8. Data Loss Prevention (DLP)

Corporate data is what keeps the corporate running.

Imagine how a few minutes of cyber accident can undo years of your effort dedicated to building organized data. Your business would see the exit door. With more and more data being stored in the cloud and growing concerns regarding data breaches and cyber-attacks, data loss protection technologies are a pressing priority.

Data Loss Prevention (DLP) is a program that integrates technologies, strategies and processes to ensure data protection by preventing unauthorized personnel from accessing the organization’s sensitive information. Furthermore, DLP assists network administrators in monitoring and managing the data being transmitted, thus preventing employees from transferring confidential data outside a business. If your company is subject to compliance regulations such as HIPAA or GDPR or seeks additional visibility into data movement, you would want to implement DLP tools like McAfee.

9. Security Information and Event Management (SIEM)

An employee steals corporate data files
Keep an eye out for any suspicious activity
 

General Electric (GE) couldn’t prevent their employees from selling trade secrets as they were unable to keep track of suspicious activity going on behind their backs. As a result, GE lost several tenders, as well as business data.

SIEM solutions can help prevent such incidences from being a nightmare. SIEM is a security solution that helps organizations keep an eye on potential security threats and vulnerabilities before they have a chance to disrupt business operations. It detects anomalous user behavior and uses artificial intelligence to automate many manual processes associated with threat detection and incident response.

10. Unified Endpoint Management (UEM)

Cyberspace has always been ground to the cat and mouse game between data protectors and data robbers. Once upon a time, firewalls, anti-virus software and strong passwords were our defense tactics against cyber threats. Now, with IT dealing with complex cyber cases, only a contemporary solution can help them out. With a train of devices and a great deal of data under custody, we need a unified solution to ensure device and data protection. That’s where UEMs come into play.

Hybrid work is the future of work.

With corporate devices running remotely, IT faces difficulty in integrating legacy systems into new devices. Unified Endpoint Management reduces the burden by connecting these devices. In addition, UEM solutions like Hexnode promise a whole range of remote actions (location tracking, device wipe, remote ring, install/uninstall application) while still ensuring enterprise data security.

In a nutshell

Endpoints are doorways into your corporate’s data, and we need cyber-tight solutions to bolt these doors. The right technology must be adopted to secure our network premises. Though putting a complete stop to insider threats might seem unachievable, UEM solutions like Hexnode can solve a bunch of issues. With cybercrimes being the highlight of today’s news, take action to make sure your organization isn’t the next one in those headlines.

Share

Astrid Wolff

Product Evangelist @ Hexnode.

Share your thoughts