In The Weakest Link, the popular quiz show from the early 2000s, contestants worked together to answer questions correctly and win as much money as possible. However, if a participant answered a question incorrectly, all money earned in a chain of right answers would be lost. At the end of each round, contestants voted off the individual whom they saw as “the weakest link” from the round in order to increase their chances of earning more money and winning the jackpot.
Oddly enough, data security in an organization works much the same way. There are various layers of security that must be built upon one another (like the chain of right answers) in order to achieve business goals and ROI (the money added to the bank). It only takes one security misstep (wrong answer) to suffer serious consequences (losing all the money banked). Therefore, when creating a data security plan and putting it into action, it’s important you think like a criminal to ensure even the weakest links are protected.
When it comes to data security, companies often focus on the big picture, or protecting the company’s “crown jewels.” But hackers are becoming more sophisticated and tapping into the weakest access points to get their hands on a variety of data and information beyond just the crown jewels.
In an article from CSO Online, Ryan Stolte, CTO of Bay Dynamics, said, “They [hackers] collect their own social intelligence, gathering information about the victim business regarding what its surface areas look like, where it stores its most valuable data, which third-party vendors have access to their network and how they gain access, and which employees log in remotely and how they gain access to the network. After they have breached you and gotten inside, they do it all over again, but from a different layer, to continually get deeper into an organization.”
From lack of control of bring-your-own-device (BYOD) assets to information shared publicly on social media to a vendor relationship gone bad, a growing number of access points are making company data more vulnerable and the job of the security team within an organization increasingly complex. With so much to consider, companies must take deliberate steps to enhance all layers of data security and make sure they work together seamlessly.
The first step is recognizing that it’s important to prioritize what is secured. Taking a step back to evaluate all of your assets and how they may be perceived by an outsider can help you create a more effective plan for moving forward. Second, it’s critical that mobile devices, cloud sharing opportunities and access provisions are all managed under one umbrella. An enterprise mobility management (EMM) platform can help track information and assets, and create a more secure, controlled environment. Third, put in place clear, concise policies and procedures that communicate to everyone in the organization, from the C-suite to the frontlines, exactly what is allowed and expected.
Ultimately, it’s important that all of your stakeholders are on board so you can work together to protect your company and its data. By using threat modeling to identify and say goodbye to the weakest links, you can use what criminals would learn as a basis for a comprehensive and strategic data security plan that works.