Data, the most valuable asset of companies.
Data protection has become one of, if not the, primary goal of Information Systems Security managers (CISOs). All information must be protected, both to ensure continuity of the business and to meet legal obligations. Whether it is internal data (CRM, accounting, patents, know-how, commercial information) or external data (customer banking data, identification information), enhanced monitoring is necessary.
The two risks that most concern companies are a decline in activity and damage to reputation.
Example: an attacker makes an e-commerce site unavailable, either by sending a large number of requests until the web server is saturated (a DDoS attack) or by exploiting a known but unpatched vulnerability in PrestaShop. The company will be unable to sell its products, which affects its turnover immediately. The second consequence is the loss of customer trust in the merchant: a reputation that takes so long to build will be tarnished and will remain negative for a long time. Worse still, if confidential client data has been compromised, the company will face criminal prosecution.
5 preventive tips to ensure the security of information systems.
Raise awareness among users
84% of IT security incidents are related to the human factor, according to a study conducted at the RSA Conference by BalaBit IT Security. Whether inadvertent or intentional, the risk is real. If privilege control is the only way to guard against malicious people, training employees is necessary to avoid clumsiness. They must be aware of IT risks and of the good practices to be respected. Trainers can rely on ANSSI, PCI-DSS, OWASP or CIS, which have published security rules to follow. All departments are concerned, because it only takes one open door for attackers to gain access to sensitive data from every department.
Secure network access
The best techniques for securing a network rely on a variety of strong authentication methods based on a certificate, encryption, or a one-time password. It should be remembered that devices connected to the network must also be secured. Antivirus and firewalls are needed, but they will only be effective if they are properly configured and updated daily. The physical security of the network should not be neglected, because physical access to computers remains, and will always be, one of the easiest and most used methods of stealing information.
Back up the data
Automatic data backups have become a “must have” for all businesses. For many CISOs and CIOs, the easiest response to a cyber-attack is to restore the data to the state it was in before it was compromised. They can thus ensure continuity of the activity: this does not solve the underlying problem, but the business can continue. You can back up the data on a physical device to keep information internal to the enterprise. Security is then doubled by protecting the backups with encryption, to guard against burglary or a physical incident. Another solution is to place your backups with a host that offers enhanced protection and continuous access to the data. The majority of solutions allow you to schedule daily automatic backups.
Ensure the availability of materials and sites
Companies are migrating more and more to the cloud. According to Gartner, in 2020, businesses that are not in the cloud will be as numerous as those that do not use the Internet today. In addition to reducing investment in IT infrastructure, hosting data, services, applications, platforms and infrastructure in the cloud helps reduce physical risk. In the event of an incident such as a fire, an attack or a burglary, the availability of the data will not be called into question. In addition, IaaS providers have a very advanced security policy that ensures continuous availability even when a physical incident hits their data center. Indeed, they are responsible for the security of the infrastructure, applications and services that they make available to their customers.
Monitor the weak points of the IS in a continuous way
A vulnerability detection solution must be put in place to reduce the attack surface. Indeed, in 2016, 28 new vulnerabilities were detected each day on average. Such a solution makes it possible to detect anomalies upstream.
Depending on the IT budget, the CISO (RSSI) will use an open source or a commercial tool. The main advantage of paid solutions lies in the reports they generate, which save valuable time. In addition, some offer additional features such as key risk indicators, the company's overall risk level, or the customization of reports. Vulnerability analysis must be done regularly, or even daily, to improve the time taken to process security vulnerabilities. The workload is then smoothed over each day, which allows the CISO to be responsive as soon as a new critical flaw appears.