Do you have a good enough data security plan in place?

There are a number of polls which seem to suggest that a number of key individuals within the IT and business communities simply don’t believe that we’re collectively doing enough to ensure data security.  Sure, in recent times we’ve seen some pretty amazing solutions being developed of the likes which promise to keep the thieves out, but as you’re probably already aware, eventually, some type of weakness will be identified and exploited.  Now, does this mean that we’re hopelessly at the mercy of a bunch of radical criminals?  Actually, no; there are a few things you can do to improve your overall approach to data security.

Aside from the standard methods which we currently use to create data security solutions (which we’ll cover shortly) there’s one obvious thing that you or your business can do to prevent most attacks, which is to “stay updated”.  What does this mean exactly?  In short, you should do your best to stay abreast of all the latest developments in the world of data security.  There’s a very good reason for this; you see, one of the constants when it comes to data security is that the criminals are nearly always perpetually “behind” when it comes to breaking the technology organizations are using to ensure security.  In other words, whenever a new type of security product / service is released, it takes time for the thieves to figure out a way to exploit some unknown weakness that this new solution might possess.  Needless to say, this provides those who are quick enough to stay on the cutting edge with a distinct advantage.

As morbid as it might sound, the old saying seems to ring true (in the world of data security as it does in other regards) “if you’re being chased, you don’t have to be the fastest animal in the pack, you just need to be faster than the slowest among you”.  Or, to put it another way, while the criminals are busy trying to figure out how to crack the slightly older security system of your competitor(s), you should try to make sure that you’re relying on something more “current” if you want to stay “ahead of the curve”, so to speak.

Similarly, it’s a good idea to seek out employees who have more experience in the field of data security as well as those who might actually have certifications in some related discipline.  Also, one should always take the time to explore what types of data security professional development books are available (at any given time); for example, here’s one that’s designed to teach you a slew of high-impact strategies as well as imbue you with other technical knowledge such as definitions and specific benefits.

In terms of conventional data security, there are basically 5 typical approaches, tools or technologies which people currently rely on; they are – hardware mechanisms, encryption, erasure, backups, and masking.

Hardware mechanisms for data security are designed to create what you might call ‘physical barriers’ between hackers and your data.  A classic example of this would be security ‘dongles’, or small pieces of hardware which must be physically attached in order to grant access to certain data.  In other words, with this type of approach in play, you can’t even access certain data unless you have the dongle, insert it and are physically present.  Of course this won’t always provide rock-solid protection if you have criminals working on-site, but it’s an excellent approach for preventing remote access of critical data by unwanted parties.

Encryption is arguably the world’s oldest method of ensuring data security; it can be either software or hardware based and involves coding data via a cipher into an unreadable format.  Of course encrypted data can still be accessed on occasion, and ciphers can be broken, but when higher levels of encryption are employed the amount of time needed to break them tends to skyrocket.  In other words, when it comes to higher levels of encryption, deciphering them could potentially take months or even years.

When data becomes no longer useful it is slated for erasure, or a software-based overwrite.  The idea of course is to completely destroy any information residing on something like a hard drive so that no one can come along later and access it, this is quite common, especially among companies that routinely upgrade their hardware on an annual or semi-annual basis.

Of course there are other concerns falling under the heading of data security that don’t involve theft, not the least of which is being able to retrieve data backups in the event of a disaster.  Anyone that’s familiar with or has worked in any IT department will be able to tell you – having a data backup solution is more than just a good idea, it’s absolutely critical, particularly for businesses that rely heavily on IT services.

Lastly, there’s masking, which involves simply using things like tables or cells to mask sensitive data.  One of the best examples of this is found in most online bill pay systems; for example, when you input something like a credit card number or a password you’ll see asterisks instead of the number itself.  The purpose of this, obviously, is to prevent someone from getting a glimpse of your sensitive data, perhaps via remote screen capture or direct access.

If you even doubt for a second that your organization is a bit lax when it comes to data security you should do everything within your power to begin making changes to prevent breaches.  In today’s world, data is becoming just as valuable as many physical commodities; given this reality, doesn’t it make sense for someone to devote more time, money and energy toward security?


Click here for high-impact data security strategies