Security Survivor All-Stars
8 tips to ensure your customers' personally identifiable information stays safe.
Plan for one layer of your security controls to be bypassed: A stolen employee password should not provide the keys to the castle.
Review and understand data retention rules: Do not retain personal information longer than required; ensure your practices are safe and within policy.
Conduct annual third-party security audits: Audits help you understand gaps and reduce risk. Implement suggested changes. If an audit sounds scary, your security is inadequate.
Employ need-to-know access: Allow access to data on a need-to-know basis; record and audit that access.
More information from SearchSecurity.com
Larry Ponemon, of The Ponemon Institute, explores why companies who ignore data breaches are also ignoring risk management.
Learn how to avoid making headlines due to a privacy breach.
Review the important elements of a data protection strategy.
Protect from the inside out: Often, the same controls that prevent employees from acting beyond their privilege will also prevent an attacker from gaining elevated access.
Prioritize risks: Classify data as sensitive and critical to the organization. Secure the database where it lives.
Encrypt backups: One of the most common losses of data results from missing backups.
Verify partner security standards: Ensure that service providers maintain security best practices in line with industry and organizational standards.
Sources: Jon Orbeton, Check Point Software Technologies, Zone Labs division; Adrian Lane, IPLocks