3 Tips to determine which assets need the most protection
The key asset that a security solution helps to protect is your data, and a major part of the value of many businesses is often in their data. Investing in your company’s network security is the first line of defence between your business and online attackers; however, no solution is 100% impenetrable. Most companies simply aren’t protecting their digital assets appropriately, and this is one of the reasons why there are still so many breaches taking place.
It is then necessary to develop a security programme to identify what data is covered and what is not. Such a programme will assess the risks your company faces and how you can plan to mitigate them. Your entire network needs to be secured, but not everything in your network is equally sensitive. Your company’s security programme will also need to indicate just how often the programme will be re-evaluated and updated so that you know which assets justify additional controls.
Here are three tips to help identify which assets are the most important to protect:
- Determine your company’s ‘money-maker’
  These are the assets that are fundamental to the success of your business. This could typically include customer information, intellectual property and future business plans.
- Identify other sensitive data that may not be as valuable as the ‘money-maker’
  These are items that wouldn’t necessarily put an end to your organisation if they were to be leaked, but could cause harm to your business or reputation.
- Create a threat model for your business
  Figure out the kinds of attackers who are most likely to target your business and what assets these attackers are after.
Keeping organisations safe also relies on constantly educating employees about identifying suspicious communications and new possible risks. In order to eradicate errors made through social engineering and to raise awareness of the potential harm caused by carelessness, technology and processes must be combined with employee education. This way, employees are aware of the threats they face and the part they are expected to play in guarding against them. Organisations that focus on people, processes and technology collectively have a better understanding of what they’re up against.
There also need to be reliable and regular backups of all your critical data. These backups need to be kept off site in a safe environment so that they can be used immediately to recover from a data breach or an attack such as ransomware. The backups need to be done as often as is necessary to avoid as much disruption to the business as possible, which could be hourly, daily or weekly, depending on the nature of the business. When backups are being done, bear in mind that they are also vulnerable to attack whilst connected to your network, so separate devices need to be used to alternate the backups, and a recent backup that is totally disconnected from the network should exist at all times.