1. Not Treating Data Protection as a Top Priority.
Prioritize data protection first and foremost. Attacks may be inevitable in this day and age, but losing your sensitive data is not. Regardless of your company's size or industry, odds are you will face a cyber attack. Small businesses too often assume that they’re too small to be noticeable or attractive to attackers, or that they will be protected by “security through obscurity.” This misconception can have disastrous consequences, because cybercriminals target the companies that are most susceptible to attack, regardless of their size.
2. Failing to Identify Your Critical IT Assets and Sensitive Data.
If you fail to identify which IT assets within your business are the most valuable and what type of sensitive data they hold, you will not gain the visibility and control needed to prevent attackers from accessing and stealing that data. After all, how can you protect your business' most valuable data without knowing what it is, where it's stored, and how it is accessed and used?
3. Not Protecting Those Data Assets.
Even if sensitive data is identified, companies often forget to label it, which increases their risk profile. Classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking and protecting information that will be targeted by attackers. Maintain complete visibility over who is accessing your data and how it’s being used and shared, both internally and externally. That visibility, combined with simple classification of data sensitivity, enables more effective protection that focuses on your most sensitive data.
4. Ignoring Security Education for Employees.
This is one of the most common - and most costly - mistakes that companies make. Employees must be educated in password and data security hygiene while learning to recognize social engineering techniques and common attack methods so they won’t be vulnerable to cybercriminals’ deceptions. Remember: it only takes one employee falling victim to a phishing attack to give a cybercriminal potential access to your entire IT environment. Building and maintaining a strong "human firewall" is as critical to security success as any other technology or process.
5. Thinking that “Compliance” is Enough.
Although many industries have basic compliance requirements, like HIPAA, PCI-DSS and Sarbanes-Oxley, these compliance standards are only the starting point for protecting your sensitive data. They’re a good foundation, but more must be done to keep business-critical data - beyond credit card numbers and Social Security numbers - safe.