Top 10 Neglected Data Security Best Practices
The latest Netwrix IT Risks Report delves into how companies are battling cyber threats and ensuring compliance. Regrettably, the findings show that companies fail to do enough to combat the bad guys by not implementing data security best practices.
The following are the ten most often overlooked security best practices.
#1. Classify data based on its sensitivity
Data-classification experts advise that information be updated twice a year to reassign privileges and ensure only those with approved access have it.
Facts: reality check 62% of companies find that they reclassify data yearly or less.
Many organizations use user classification of data, which rarely provide inaccurate results. Look for classification and exploration items that have built-in functionality.
#2. Update data access rights
To avoid unauthorized access to information, security researchers suggest strictly implementing the least-privilege principle and periodically checking access rights, such as after employee termination.
Reality check: 51% of companies fail to renew data access rights every year when you opt-out of implementing data security best practices.
Pro tip: Look for governance solutions that enable you to evaluate and monitor access rights on an ongoing basis as well as on an ad hoc basis. Additionally, look for monitoring and alerting resources to ensure that everything is completed correctly and safely.
#3. Review data available to everyone
To minimize the likelihood of confidential data being compromised, security professionals recommend that companies conduct a risk assessment at least every three months to ensure that publicly accessible folders and shares do not contain sensitive data.
Reality check: 76% of companies do not perform this activity consistently enough, and others do not perform it at all.
Pro tip: Find solutions that allow you to automate a continuous process for discovering, classifying, and securing content independent of its location, thus reducing the attack surface.
#4. Get rid of stale data
When data is no longer used for business operations, it should be stored or deleted (unless enforcement requires it). Experts recommend doing it every 90 days to minimize security risks.
A dose of reality: Just 18% of organizations delete irrelevant items every quarter, which means 82% of organizations unnecessarily raise their threat exposure.
Pro tip: Implement an automated solution for identifying stale data and collaborating with data owners to decide which data should be stored or permanently removed.
#5. Conduct asset inventory regularly
It is recommended that you get familiar with identifying your properties (e.g., applications, hardware, data, and computing systems) at least once every three months. The respondents, only one in four adhere to the suggested timeline and thereby the acceptability to adopt data security best practices.
Another helpful tip is to use an asset management system that provides greater convenience and ease of data collection and processing to quickly get asset monitoring up and running.
#6. Update and patch software promptly
By applying security patches to your applications regularly, you can help minimize vulnerabilities. The prescribed frequency varies according to the criticality of the patch and the device and other factors; it ranges from weekly for critical patching to quarterly for less critical patches, such as routine patches.
The reality is that 33% of companies fail to upgrade their applications even once every 90 days.
To prevent incompatibility or performance problems, create a personalized testing environment or, at the very least, a section for patch testing.
#7. Perform vulnerability assessments
Regular vulnerability audits to assist you in identifying security vulnerabilities and mitigating the risk of assault. Security analysts advocate doing these tests every month at the very least.
Reality check: 82% of companies conduct this activity either twice a year or not at all.
Pro tip: Look for products that can consistently assess risks to your data and ensure that you understand which threat actors are causing the most damage to your company. Even further, look for software that can intelligently include warnings to minimize false alarms.
#8. Create and maintain an incident response plan
A resilient protection response plan comprises several components: Create a proposal, have it approved, train employees regularly, and conduct test runs.
The reality is that 83% of companies confess to failing to complete any of these levels.
Conduct random experiments to determine how administrators and everyday users respond to security threats and to determine how well the strategy works in practice.
#9. Update admin passwords regularly
If attackers breach an administrator’s credentials, regardless of whether the password is exchanged, the entire IT system is at risk. Security specialists suggest that administrators change their passwords at least once a quarter.
Reality: Just 38% of businesses update their administrator credentials at least once each 90 days.
Pro tip: Avoid using shared administrator keys, even though they are updated weekly. Each privileged user must have their administrator keys that suggest adopting data security best practices by updating the same regularly.
#10. Update user passwords regularly
Administrative credentials are also used to gain access to data. Passwords should be changed at least every 90 days as a standard security procedure.
As reality tells us, approximately 42% of companies need users to update their passwords on a less regular basis.
Hint: It is a good idea to require users to select robust passwords (e.g., contains upper- and lower-case letters, digits, include a different character, and/does not include any number, and at least three other characters and two different symbols). Consider having multiple form factors and single sign-on as additional protection.
Using these ten effective security practices will significantly reduce your exposure to attack while also minimizing your potential exposure to security and enforcement issues. The team at Computer Solutions East plays a pivotal role in preventing hackers from stealing confidential data and tarnishing your company’s image by strictly applying standard security practices such as identifying, classifying, and protecting it.