While a data breach damages the confidentiality, availability or integrity of information, your ability to avoid breaches rests on three pillars: people, processes and technology.
Read these top tips from an expert.
- Start with your staff
Promote an ethical environment for managing information security – starting from the top and promoting it throughout the company. This is likely to involve training or staff awareness programs. You’ll also want to make sure you do background verification checks on candidates for new jobs, in accordance with local laws and ethics. This can include references, criminal records checks, and a general background check by a professional investigator.
Another major point to address is if an employment contract or agreement has been terminated, you should ensure that all company assets are returned on time. These can include:
- Keys and access cards
- Credit cards
Once an employee has left, it is essential that all access rights are removed promptly; there are endless stories about former employees still being able to access the network because of forgotten accounts.
- Establish your security processes
You must come at this from two different routes:
- Establish a security process dealing with the identification of requirements, overseeing their implementation and testing the effectiveness of measures.
- Change established processes to include security elements.
Within this approach, you’ll also need to look at conducting a risk assessment, which will include defining risk acceptance criteria (quantitative or qualitative) and deciding which risk is acceptable or not.
If you are a medium-sized to large company, you are expected to have the following technologies present:
- Intrusion prevention
- Switched networks
- Virus protection
- Spam filtering
- Log file consolidation
- System monitoring
- Single sign-on
- Data leakage prevention
Implementing ISO 27001
Implementing ISO 27001, the international cyber security standard, is one of the major – if not top – strategies for avoiding a data breach.
Not only will implementing ISO 27001 help you achieve effective cyber security and mitigate the threat of data breaches, it provides a solid framework for supporting compliance with the GDPR, because of its holistic focus on people, processes and technology. It was developed by ISO 27001 practitioners to help you implement an ISO 27001-compliant ISMS yourself.