Avoid a Breach – 5 Tips to Secure Data Access
By David Shephard, Vice President of Sales for Asia Pacific and Japan (APJ)
In its quest to become a digital nation by 2020, Malaysia is diligently working to improve its infrastructure and expand its use of advanced technology. As this journey continues, security will become increasingly important for the country’s public and private organisations. This was well illustrated in 2017 by the systematic breaches in telecommunications that exposed 46.2 million Malaysian citizens’ mobile phone numbers.
While the cloud is a boon to productivity, flexibility, and cost savings, properly deploying cloud technology can prove confusing and even dangerous for unprepared organisations. Fortunately, Malaysian enterprises are, on average, better poised to adopt cloud technology than most of their counterparts in other Asian countries.
While there aren’t necessarily more threats when using the cloud, there are different types of threats. As such, organisations need to employ the below best practices for securing data access when they make use of applications like Salesforce, Office 365, and more.
- Use secure passwords
Many employees use a single unsecured password across personal and corporate accounts. Unfortunately, this practice makes it significantly easier for nefarious parties to steal corporate information wherever these unfit passwords are used. Because of this, organisations should require unique passwords of sufficient length and complexity for each of a user’s SaaS accounts. Additionally, requiring employees to change their passwords regularly – perhaps every other month – can provide an additional layer of security.
- Authenticate all users
Credential compromise is a large threat to the enterprise – corporate usernames and passwords can be leaked by careless employees or stolen by hackers. To address this threat, organisations should employ multi-factor authentication, a method of verifying that accounts are being used by their true owners. In other words, organisations should require a second level of authentication (beyond a mere password) before allowing access to sensitive data. This may occur through an email, a text message, or a hardware token (a unique physical item carried by each user).
- Secure unmanaged mobile devices
The rise of BYOD (bring your own device) has enabled employees to access corporate data from their personal mobile devices. While this increases productivity and flexibility, it also exposes the enterprise to new dangers. As such, organisations must secure BYOD, but do so with a tool that is simple to deploy and doesn’t harm device functionality or user privacy. This can only be accomplished through data-centric, agentless solutions – not mobile device management (MDM). With agentless security, organisations can protect data on unmanaged mobile devices in a timely, thorough, non-invasive fashion.
- Take a proactive approach to security
As organisations move their data to the cloud, they often fail to monitor and protect it accordingly. They tend to adopt after-the-fact security that can allow months of data exfiltration before detecting threats or enabling remediation. In a world with regulatory compliance penalties, well-informed consumers, and hackers who can steal massive amounts of data in an instant, reactive security tools are no longer adequate. Instead, organisations must adopt proactive cloud security platforms that enable real-time detection of malicious activity. Failing to utilise such solutions can prove disastrous for an organisation’s security, finances, reputation, and livelihood.
- Defend against malware
Because of the multitude of cloud apps and devices that store, upload, and download corporate data, malware can now attack the enterprise in more ways than ever before. For example, if an employee uses a personal device to upload a contaminated file to the cloud, the infection can quickly spread to connected apps or other users who download said file. Today, organisations need to deploy anti-malware tools that can detect threats at upload, threats at download, and threats already at rest within cloud applications. Defences must lie in wait wherever data goes.
Malaysian organisations in the private and public sectors must play their part in helping the country become a digital nation; for example, by deploying cloud apps and enabling BYOD. However, this must be accompanied by a heightened awareness of threats in the cloud as well as an increased adoption of specialised cloud security tools. Without proper protections in place, advanced technologies and methods of working are of little benefit. As such, organisations should take the first step towards cloud security by making use of the above best practices for securing data access.