Full Data Protection: Go Beyond Securing the Control Points

  • Full Data Protection: Go Beyond Securing the Control Points

Historically, when an organization thought about properly securing the logical infrastructure, it was about placing controls at the access points. Simply by limiting systems admission for different users and requiring passwords to access certain files/shares, a business could be fairly confident its information would remain private. With the advanced technologies available today, online security has become much more involved. Excellent website security is paramount to most companies and properly securing the data is a top priority for businesses in today’s marketplace. There are three key ways for a company to safeguard its information.

Controlling Data at Rest

Most data stored on a hard drive is fairly easy to protect with measures such as encryption, anti-virus programs and firewalls. These safeguards all provide a different layer of defense against intruders. Another important step that some businesses forget to take or are unaware of is to store smaller elements of data separately and in different places. This precaution can prohibit invaders from gaining access to large amounts of information at the same time and using it for illegal purposes such as fraud. And finally, encrypt the data using accepted standards such as AES256. Always assume the data will eventually be compromised and take the appropriate measures to make it practically useless if it occurs.

Track Data in Use

The more a company knows about how its information and networks are being utilized, the better chance it has of preventing significant attacks to its online security. Because data being used is accessible to more people, it presents a larger threat to companies. Limiting the number of devices and people able to access the data can reduce the risk it will be misused. Forcing privileged users to provide authentication before gaining access to the data is a common safety measure businesses should enforce. Multi-factor authentication will add another layer of security in specially identifying the user and/or device accessing the data. Creation of a data-flow-diagram and tracking when and where data is accessed can alert a company to suspicious activity and expose possible threats. It can also enable a business to improve its security before an attack occurs by identifying problematic patterns or unusual user behavior.

Safeguard Data in Transit

Any time data is transmitted, it is extremely vulnerable. Special precautions are necessary to protect data in this form. As many business deals and transactions require an immediate response, sensitive information such as contracts, government forms and other confidential content are sent through emails. The main problem with this method of delivery is the journey an email must take through multiple network locations before reaching its intended recipient. This provides multiple opportunities for someone with special computer skills to intercept an email and be privy to all the information it contains. Keeping an email and any attached data secure is most easily accomplished by sending it though some type of encryption platform that works with the email system. The email is encrypted and unusable if intercepted. The recipient will need to enter the proper key and/or credentials to access the correspondence in decrypted format.

Both small businesses and large companies face an increasing number of threats to their data security on a daily basis. Avoiding passwords and accessing restricted files are small deals to the criminals of today, and website security needs to be tightly monitored and improved to prevent privileged information from falling into the wrong hands. When there are attackers actively trying to infiltrate company networks, businesses large and small must guard confidential data with intentionality and intensity.

By |2021-10-07T10:26:56-06:00December 1, 2017|


Ronnie Mize is the Chief Security Officer of Information Technology for Etech Technical Services. Ronnie has been in the technology sector for 20 years and has held technology leadership roles with Microtech America, The Berry Company (a subsidiary of Bellsouth) and Etech. His entrepreneurial background includes extensive experience in technology development and deployment as well as implementation of business processes and defined methodology.

Recent Blog

How leaders can embrace teachability?

September 28, 2022

Teachability is a great concept, but what does it mean to commit to being teachable? Below are some tips to help you on your journey!

Read More

The Anatomy of a Phishing Attack

September 15, 2022

Phishing attacks are getting common in today’s dynamic cyberspace. Over time, the pattern of these attacks has evolved to be more destructive.

Read More

How data storytelling makes performance management easy

September 7, 2022

Companies that use data storytelling as a key communication element build stronger relationships with team members and clients.

Read More
Go to Top