1. Not Treating Data Protection as a Top Priority.
Prioritize data protection first and foremost. While attacks may be inevitable in this day and age, losing your sensitive data is not. Regardless of your company's size or industry, odds are you will face a cyber attack. Small businesses too often assume that they’re too small to be noticeable or attractive to attackers, or that they will be protected by “security through obscurity.” This misconception can have disastrous consequences, as cybercriminals target the companies that are most susceptible to attack, regardless of their size.
2. Failing to Identify Your Critical IT Assets and Sensitive Data.
If you fail to identify which IT assets within your business are the most valuable and what type of sensitive data they hold, you will undermine your efforts to gain the visibility and control needed to prevent attackers from accessing and stealing your sensitive data. After all, how can you protect your business' most valuable data without knowing what it is, where it's stored, and how it is accessed and used?
3. Not Protecting Those Data Assets.
Even if sensitive data is identified, companies often forget to label it, which increases their risk profile. Classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking and protecting information that will be targeted by attackers. Maintain complete visibility over who is accessing your data and how it’s being used and shared, both internally and externally. That visibility, combined with simple classification of data sensitivity, enables more effective protection that focuses on your most sensitive data.
4. Ignoring Security Education for Employees.
This is one of the most common - and most costly - mistakes that companies make. Employees must be educated in password and data security hygiene while learning to recognize social engineering techniques and common attack methods so they won’t be vulnerable to cybercriminals’ deceptions. Remember: it only takes one employee falling victim to a phishing attack to give a cybercriminal potential access to your entire IT environment. Building and maintaining a strong "human firewall" is as critical to security success as any other technology or process.
5. Thinking that “Compliance” is Enough.
Although many industries have basic compliance requirements, like HIPAA, PCI-DSS and Sarbanes-Oxley, these compliance standards are only the starting point for protecting your sensitive data. They’re a good foundation, but more must be done to keep business-critical data - beyond credit card numbers and social security numbers - safe.