Business-critical data should be secured at each point along its path—from remote devices to its destination
Although some security incidents are caused by malicious individuals, many data breaches are actually the result of a careless mistake or simple forgetfulness on the part of an employee that is then exploited by a hacker. An unsecured smartphone lost in the airport can allow anyone access to email accounts, for instance. Or a laptop with outdated antivirus software can easily be compromised by new attacks.
Regardless of how it happens, a data breach can suddenly put your company’s business-critical information at risk. With more information now in the cloud and places other than your own network, to fully protect your data, you need to make sure it’s secured in three places: on your employees’ devices, while in transit between those devices and the Internet, and at its destination, including possibly a service provider’s environment.
Securing data on remote devices
Today, employees are using a greater variety of devices that can store data, and all of them—laptops, smartphones, and even tablets—must be protected. The first step is to require a password to log in to each device, including smartphones. (Securing personal devices can be tricky. See this post for tips on how to keep company data safe when it’s on employees’ own devices.)
The second step is to encrypt all the data stored on each device. This will protect the data in case a device falls into the wrong hands. How you encrypt the data varies depending on the device and the operating system. You can provide data encryption with software like the free open source TrueCrypt, which encrypts data on Windows, Mac OS, and Linux devices. Also, you should encourage employees to keep as little data as possible on each device, even laptops. Instead, they should store their data on a centrally located network storage system, such as the Cisco NSS300 Series Smart Storage appliances, which also provide data encryption.
The third step is to make sure that all the standard security measures, particularly antivirus, antispam, and antimalware software, are installed on each device and configured to automatically update as new releases become available. These applications can protect the integrity of your company data and prevent hackers from eavesdropping for specific information like passwords or credit card numbers while the devices are in use.
Finally, the fourth step to protecting data on devices is performing regular backups. For each device, you need to have a clean, complete backup that includes all data and applications. You can then use the backup either to restore a device that becomes compromised or to set up a new device if the original gets lost.
Protecting data in transit
Your company’s data is particularly vulnerable when it’s moving across the Internet, travelling between an employee’s device and your business network or the cloud. The best way to protect data in transit is by requiring every remote employee to connect to your business network through a virtual private network (VPN) before connecting to any website. A VPN creates a private tunnel across the Internet that provides secure communications, protecting the data that is transmitted through that tunnel. If users have any doubt whether their Internet connection is secure, they should first connect to the business network through a VPN and then navigate out to the web. This is true for everything from browsing for research data to accessing specific applications in the cloud.
You can deploy a VPN through an all-in-one security appliance like the Cisco SA 500 Series Security Appliances or a router like the Cisco 500 Series Secure Routers or the Cisco 800 Series Integrated Services Routers.
Also, encourage users to use the Hypertext Transfer Protocol Secure (HTTPS) version of websites whenever possible. Any URL that starts with “HTTPS” is more secure than the standard “HTTP.” HTTPS uses the Secure Sockets Layer (SSL) protocol to encrypt communications to a web server. Any online banking, commerce, or other site that expects users to transmit sensitive data should be a secure website, so employees should only send personal or confidential business information over HTTPS sites.
Guarding data at its destination
Last, you need to make sure your data is safe at its final destination. This might be your back-end server or a server in the cloud that belongs to a service provider. Wherever it is, that data should also be encrypted, protected with antivirus and antimalware software, and backed up.
If you have data stored in the cloud, ask the service provider what security measures are in place to protect your data. For example, do they have applications in place to make sure that no new and malicious apps can install themselves in the cloud environment? How often do they back up the data? And how quickly can they restore your data if it’s compromised? Never assume that a service provider is protecting your data with adequate security.
If you protect your data on employees’ devices, as it travels across the Internet, and in third-party environments, it’s much less likely to be tampered with. These simple security measures can prevent catastrophic losses, both of your data and to your business.
How are you protecting your business-critical data when employees work remotely?