For the past year or so, we’ve all witnessed a series of staggering data breaches among some of the biggest names in business. Each breach is seemingly worse than the last in terms of financial and reputational damage.
After incursions into Target, JP Morgan, Sony Pictures and others, I’ve been asked, “has it reached the point now where some information is simply too sensitive to entrust to computers?”
4 Key Questions to Ask About Your Data Security
My response is this – they’re not asking quite the right question. Instead, when it comes to data security, here are the four hard questions that you should ask:
- What information should you keep off-line (in removable thumb or hard drives, for example) and unconnected from the Internet?
- What is your backup / recovery strategy if one of your machines or your network is attacked?
- Are you limiting the extent of potential damage by utilizing air gaps within your network to isolate data and traffic?
- Does your IT group have unlimited access to your most sensitive systems?
If you’re not carefully considering these four questions, you could end up dealing with a single compromised system that results in the total takeover of your IT infrastructure. Persistently connected systems, and broad permanent access to sensitive systems without backups, were the core problems at Sony and some of the other companies that suffered massive data breaches.
The fact is, intruders will get it in. IT departments must anticipate breaches. End-user must expect that their most sensitive emails could be made public.
The lesson of the Sony Pictures hack is that without active and automated privileged account management to limit damage internally, organizations are taking extraordinary risks and are acting naive about the capability of today’s cyber attackers.
Hackers will get past typical perimeter security tools. At that point, if your organization has not invested in proper IT security controls and processes, the damage could be extensive.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.