Več nedavnih odmevnih primerov izgube podatkov služi kot svarilo za organizacije, ki ravnajo z občutljivimi podatki – vključno z nedavnim primerom, ko osebnih podatkov skoraj pol milijona japonskih državljanov je bil postavljen v ogrožajoč položaj, ko je bil pogon USB, na katerem je bil shranjen, izgubljen.
Regardless of industry, all businesses handle sensitive data — whether it’s storing HR or payroll files that include bank information and Social Security numbers or securely logging payment details. As such, enterprises of all sizes should have a preprečevanje izgube podatkov (DLP) strategijo, ki zajema celotno organizacijo. Organizacije bi morale svojo strategijo DLP pogosto posodabljati, da bi upoštevale ne le razvoj načina shranjevanja, upravljanja in premikanja podatkov, temveč tudi napredek v kibernetskem kriminalu.
Nekatera podjetja so dodala strokovnjake za informacijsko varnost, ki se osredotočajo izključno na DLP, vendar bi morala celotna ekipa za kibernetsko varnost deliti odgovornost za zaščito občutljivih podatkov. Močna strategija DLP ščiti stranke in ohranja celovitost podatkovnih operacij. Tukaj je nekaj najboljših praks za usmerjanje organizacij, ko delajo na uvajanju nove strategije DLP ali izboljšanju obstoječe:
1. Vedite, kateri podatki so občutljivi
It may be tempting for organizations to apply a universal standard for data security across their business, but putting guardrails up for all information and every process can be an expensive and onerous task. By reviewing the different types of data employees work with and have access to, leaders can determine what data qualifies as sensitive and tailor their organization’s strategies to protect the data that matters most. When leaders become familiar with the flow of their organization’s data, it allows them to identify the people and departments that need to emphasize cybersecurity measures the most.
2. Varnostno kopiranje, varnostno kopiranje, varnostno kopiranje
An ounce of prevention is worth a pound of cure — and when dealing with sensitive data, it may even be worth millions should an organization’s data be zadržan za odkupnino ali povzroči drago izgubo IP-ja. Ko podjetja identificirajo posebne vrste podatkov, ki se štejejo za občutljive, jih morajo zaposleni varnostno kopirati na več mestih, vse v skladu z varnimi protokoli. Varnostne kopije ščitijo pred poškodbami zaradi poškodovanih datotek in nenamernega izbrisa, poleg tega pa je zaradi njih podjetje manj ranljivo za izsiljevalce, ki bi lahko poskušali zadržati podatke za odkupnino. Varnostne kopije na pomnilniških napravah ali strežnikih z zračno režo so najbolj varne, saj so fizično ločene od interneta in jih je mogoče ustrezno zaščititi.
3. Opolnomočite svoje ljudi
Even the most secure data loss prevention strategy can be foiled by a successful phishing attempt or a password written in plain text. Uninformed employees can fall prey to the latest scam or social engineering, unwittingly exposing their organization’s data to bad actors. When leaders empower all levels and people in their organization to be an active part of security efforts, it safeguards against data loss and theft. It’s critical to provide consistent training about cybersecurity risks so that employees — from the CIO to the newest intern — are aware of the newest threats to data.
4. Razmislite o celotnem potovanju podatkov
Tudi ko organizacija vlaga v ustvarjanje zelo varne podatkovne infrastrukture, se lahko te zaščite razkrijejo, ko občutljivi podatki zapustijo to okolje. Za podjetja, ki uporabljajo a oblak rešitev za shranjevanje, so lahko občutljivi podatki ranljivi, takoj ko zaposleni uporabljajo nezaščiten javni Wi-Fi. Trden pristop k varnosti podatkov bi moral upoštevati vse načine, kako si zaposleni delijo občutljive podatke znotraj in zunaj uveljavljenih platform.
5. Imejte načrt hitrega odzivanja
Following data protection best practices can make breaches, hacks, and data loss less likely. However, there’s always the possibility that they may happen, so you have to have a plan in place if something does go wrong. By having a plan in place, leaders can act swiftly to mitigate damage. The specifics of each rapid response plan depend on the nature of the data that has been compromised, but a plan may involve starting a data recovery process, remotely revoking access to shared storage solutions, promptly notifying employees or customers of a vulnerability, or alerting the proper authorities or customers that a data breach has occurred. It is important to already have a rapid response team in place to quickly conduct forensics, determine what data may have been compromised, follow laws and regulations about notifications, and also direct the proper resources to ensure the correction of any identified cybersecurity vulnerability.
These best practices provide a strong baseline for how to implement a new DLP plan, and can make existing strategies more resilient and effective. While the specific protocols in a DLP plan should be designed to fit organizations’ individual needs, they should always drive toward the same goal: preventing data breaches and maintaining personal and professional privacy.
- blockchain
- kriptokurrency denarnice
- kripto izmenjava
- kibernetska varnost
- cybercriminals
- Cybersecurity
- Temno branje
- oddelek za domovinsko varnost
- digitalne denarnice
- požarni zid
- Kaspersky
- zlonamerna programska oprema
- Mccafee
- NexBLOC
- platon
- platon ai
- Platonova podatkovna inteligenca
- Igra Platon
- PlatoData
- platogaming
- VPN
- spletna varnost
