You can’t control what you don’t know. The first step to securing your technology infrastructure is to know what is being used within your organisation through audits and regular assessments. Using a Cloud Application Security Brokering (CASB) solution will help you identify the applications in use, as well as the potential risks.
Bring the board along
Whereas data security was once confined solely to the IT department, it is now an all-of-business challenge. Bringing senior executives and C-suite leaders into the conversation is crucial in building a secure system. This means consulting regularly across teams, and communicating issues to board members clearly, in terms they understand.
Educate all staff
Basic security begins on the frontline, and educating employees about vulnerabilities and prevalent types of attacks is vital. To ensure sensitive data is not lost, destroyed or held to ransom, the onus is on organisations to provide regular training and knowledge assessments to staff, and to uphold bring-your-own-device (BYOD) policies.
Make an action plan
An established security action plan will help you prevent sensitive data being leaked or misused. Designed to mitigate cloud risks, an action plan should also include detailed disaster recovery responses and plans to handle outages with your cloud provider.
Watch the shadows
As employees aren’t always willing to wait for approved IT solutions, knowledge gaps or “shadows” in the understanding of cloud app usage often occur. This can result in hidden costs stemming from compromised data and attacks, such as malware or phishing. According to Telstra’s Cyber Security Report, between October 2014 and March 2015 alone there was a 49 per cent increase in the number of new mobile malware instances globally.
Don’t forget passwords
Secure passwords are paramount for secure technology. Where possible, use two-factor authentication rather than just username and password access for IT infrastructure and web applications. Also make sure to activate password lockout after a fixed number of failed login attempts.
Measure for success
Metrics are paramount for measuring success and tracking organisational performance in line with goals, tactics and outcomes. Regularly scheduled penetration testing and vulnerability scanning will also help ensure the appropriate tools are in place, allowing you to readjust targets and plans to remain secure.