5 New Rules for Keeping Your Company’s Data Safe
CHICAGO — January 30, 2018 — As CEOs, executive teams, and boards of directors seek to contain their companies’ cybersecurity risk, technology security firm SpiderOak warns that there are key differences in the cybercrime landscape now — and that companies have to change to meet that threat. In a new white paper, “5 New Rules for Keeping Your Company’s Data Safe,” SpiderOak’s Jonathan Moore and Matthew Erickson outline the key steps that will help level the playing field between a company’s security systems and the attacks occurring at a record pace and scale.
“The modern adversarial environment has advanced so rapidly that current approaches to mitigating risk are completely falling short,” says Moore, chief technology officer at SpiderOak; the firm recently published its new cybersecurity threats and trends for 2018. “But it is possible for a company to vastly reduce the damage and scope of attacks, even in the midst of unprecedented new techniques from attackers. Attacks may be inevitable — and threaten every single business on the planet — but massive, costly breaches are not.”
“By embracing a foundational shift in a company’s approach to cybersecurity, management and boards can turn what could have been a multi-billion-dollar problem into one that barely affects the balance sheet,” says Erickson, director of client services and technology.
Highlights from the white paper’s five key points include:
Rule #1: Have a clear inventory of what data is critical to your organization.
“The era of Big Data has driven companies to collect as much information from customers as possible. Vast pools of financial and personal information are sitting in your organization, and you may not even be using it. Data is a liability that can be measured in dollars, and most companies hoard it without a second thought.”
Rule #2: Create a “two-person rule” for your data and processes.
“While companies often have dual-signature checks and other oversight measures on their cash flow, most lack the same level of accountability across the rest of the organization, including how their data is managed.”
Rule #3: Compartmentalize your data.
“Companies most often keep multiple layers of data — from financials and customer information to its intellectual property, employee SSNs, and company emails — concentrated in one or just a few servers, where the data for one purpose is connected to data for another. This creates a network of linked exposure; a breach in one area can domino quickly into a breach of another database.”
Rule #4: Build your defense in depth.
“Most companies don’t have effective defenses internally between systems. In the interest of cheap and easy deployment, combined with fearing performance penalties among internal systems, most organizations have wide-open security configurations. It only takes one breach for attackers to leverage unsecured internal systems to gain access to their target.”
Rule #5: Keep the keys to your kingdom offline.
“Today’s computing environment, from the CPU up to the web browser, contains millions of ways to enable attackers to compromise systems. But organizations can use hardware tools today that, based on cryptography, enable them to keep their closest secrets on special USB keys, which can be kept in a safe. Even if attackers get control over an organization’s computers, if the secrets are stored and secured in this way, it would be impossible to expose sensitive data.”
“As companies start to see enormous losses from breaches in the form of disrupted business, damaged reputations, embarrassing revelations, remediation costs, and more,” says Moore, “CEOs and executive teams are going to be under increasing pressure to rethink how their organizations are protecting themselves against attacks.”
SpiderOak provides mission-critical data and systems security for organizations and individuals. Using the latest and most secure blockchain technology and encryption, paired with identity management, SpiderOak’s platform defends client assets, intellectual property, and operations against military-grade cyberattacks. Our offerings include an enterprise platform protecting all of an organization’s data, software, applications, and devices; a secure software updater allowing companies to develop and update their applications in a secure way; and secure backup, messaging, file sharing, and storage for large and small businesses and individuals. For more information, please visit https://spideroak.com.
Originally published at SpiderOak.com on January 30, 2018.