Data Security

    Data security is the practice of protecting data from unauthorized access, use, or disclosure. Learn about data security and how to protect against cyber threats.
    Overview

    What is data security?

    Data security is the protection of digital data, such as information in a database, from destructive forces and from the unwanted actions of unauthorized users, such as via cyberattack or a data breach.

    Importance of data security

    As data volumes within organizations grow, so must secure policies and procedures. In addition, as the complexity of data storage environments and the data itself continues to grow, so must data security.

    Organizations should strongly consider:

    • Obligation: Organizations that store user data have a legal and ethical responsibility to protect that data. When an organization stores personal details and payment information, it also must accept the task of safeguarding that data. Organizations must also communicate their security practices very clearly.
    • Reputation: When a data breach occurs, it can negatively impact the organization’s reputation. Organizations should develop clear and concise procedures for data security.
    • Resources: Data breaches cost organization’s time and money. Investing in effective data security practices as early as possible can save resources by avoiding the labor and monetary costs of recovering compromised data.

     

    GettyImages-1323473406-1200px.jpg

     

    Types of data security technologies

    Mimecast enhances data security protection by providing a comprehensive defense against:

    • Malware and spam: Mimecast Secure Email Gateway provides 100% anti-malware protection and 99% anti-spam protection.
    • Targeted attacks: Mimecast stops phishing attacks and other advanced threats by scanning all email in real-time to identify malicious links, weaponized attachments and social-engineering techniques. Suspicious emails can be rejected, held for review or sent on to recipients with a warning.
    • Data leaks: Mimecast scans all email against content control policies to stop inadvertent or purposeful leaks of intellectual property, financial information, and other sensitive data.
    • Data breaches and eavesdropping. Mimecast Secure Messaging enables employees to send messages securely without the need to download or master data encryption software.
    • Third-party file sharing services. Employees frequently turn to these outside services to transfer large files that exceed mailbox limits. Mimecast’s secure file transfer enables employees to send and receive large files up to 2 GB directly from their inbox.

     

    Benefits of data security and threats to it

    There are many reasons to use Mimecast, but the three biggest benefits are security, compliance, and archiving.

    • Security: Mimecast keeps email safe from malware and phishing attacks by scanning all incoming email and attachments for threats, and quarantining suspicious content. This protect organizations from potentially dangerous email-borne threats.
    • Compliance. Mimecast can help organizations meet various compliance requirements, such as those related to email retention.
    • Archiving. Mimecast’s email archiving ensures all of an organization’s emails are safely stored off-site, making them easy to retrieve for reference or legal purposes.

    Best practices for ensuring data security

    Data security techniques can vary based on your organization’s unique use cases, but some standard best practices exist.

    While some cyber security solution providers may advocate for data backup as a critical security measure, this strategy can incur high costs when storing large amounts of data. Instead, here are five robust data security best practices you can deploy:

    1. Ensure physical security of servers and devices

    Whether your company stores data on-premises or in the cloud, you should check that your organization or cloud provider secures facilities against intruders, fire damage and changing climate conditions.

    If storing data on-premises, your team can analyze a physical device’s security throughout its lifecycle. For example, when disposing of a server, it’s essential to delete data from the device before discarding it. Or, if someone damages or destroys a machine, take appropriate security measures to guarantee it doesn’t get into the wrong hands.

    2. Implement access management and controls

    Identity and access management (IAM) processes define who can interact with software or data systems so that only people with proper permissions can view or edit data assets. A single sign-on (SSO) system is an excellent example of IAM technology, as it enables your security team to set user permissions across platforms in your organization.

    To streamline this practice, you might define access controls by roles or groups of people. For example, IT administrators or executives may have access to a wide range of data. In contrast, contractors or external vendors likely have a much narrower scope. This framework simplifies the administration process and minimizes the chance of accidentally granting too much access to a new user.

    3. Stay updated on application security and patching

    Due to unpatched vulnerabilities, misconfigurations and user errors, security susceptibilities constantly arise in software applications and operating systems. Encryption protocols governing how a company stores and transmits data can also expose an organization to harm since they change frequently.

    To avoid these precarious situations, security administrators and software developers must regularly patch and upgrade their company’s software to verify they’re not running any compromised code. Regular audits of all software libraries an organization uses can also help minimize the chance of your team missing an employee using an old software package.

    4. Educate employees proactively on data security

    Without proactive, strategic security training, employees can unknowingly expose your company to risks — like connecting to an unsecured network or downloading unapproved applications.

    Instead of an extended video module plan that people potentially write off as a yearly “checklist item,” offer your employees a beneficial interactive program that helps them recognize their risky data behavior.

    For example, if an employee tries to send patented information to an unapproved shared drive, have security software that flags the behavior, alerts your security team and helps contain the damage by automatically sending the employee a brief reminder on approved sharing.

    Lastly, encourage your security team to be open and collaborative during employee training. You want employees to reach out about concerns before damage happens.

    5. Monitor all data and its movement on network and endpoints

    With most companies embracing hybrid and remote work, data is increasingly moving to edge devices like laptops and phones — presenting new security vulnerabilities.

    In particular, companies can no longer rely on strict on-premise firewalls as the primary way to contain data flow and prevent the risk of data exfiltration.

    To combat this hazard, some security teams flag specific data movements as risky or only monitor certain important data. But even with the most complex policies and tools in place, data still slips through the cracks. It’s more effective to treat all data as potential IP and monitor file movements to untrusted locations.

    Most significant risks to data security

    The data security landscape continues to evolve as work migrates to the cloud and remote access models. These changing conditions have created some significant risks to data security:

    Insider threats

    An insider threat is a cyber security risk introduced by an individual with permitted access to a company’s systems and data. They can arise from anyone using an organization’s network or applications, such as employees, partners, vendors, interns, suppliers or contractors.

    For example, when an employee puts in their two weeks and prepares to move on to a new opportunity, it’s not uncommon for them — maliciously or not — to take company data with them. They might send files to their personal email account or use a thumb drive.

    There are many real-life examples of insider threats wreaking havoc on organizations, so it’s crucial to have processes and technology that can detect and prevent risky data movements before it’s too late.

    Non-secure cloud app behavior

    While cloud technology and tools have enabled new ways of working, they’ve also intensified the scale and impact of data exfiltration.

    Some of the most common non-secure cloud app behaviors include:

    • Using untrusted personal devices to log into corporate cloud apps
    • Making private cloud links publicly available
    • Downloading corporate data via cloud app to a home device
    • Using unsanctioned clouds (usually personal clouds) to share data with 3rd parties and colleagues
    • Whenever an employee or authorized user performs one of these actions, they compromise cloud security and put your company data at risk.

    Hackers

    Hackers are constantly creating new approaches to extract, steal and exploit data from organizations. Ransomware and phishing are two common attacks.

    These threats are particularly challenging to ward off as they typically use psychological tricks to get information from careless or untrained employees.

    Data security and GDPR requirements

    When the European Union General Data Protection Regulation (GDPR) took effect in May 2018, data security became a primary concern. Since then, the EU's new data privacy regulations require companies to get explicit consent from EU residents before collecting, storing and using their personal data. EU residents have the right to request from any organization what data about them is being stored and used. And residents can withdraw their consent at any time, obligating organizations to erase their data. The regulations also feature extensive directives concerning data security standards.

    Many organizations had to overhaul business processes and technology to ensure data security and compliance with GDPR regulations.

    When GDPR rolled out in May 2018, companies started looking for innovative solutions that would ensure data security while minimizing the cost and administrative burden of complying with GDPR regulations.

    GDPR compliance requires email data security

    Since GDPR took effect, compliance changed the way many organizations manage email. And with cyber attacks heavily targeting email systems, ensuring email data security is growing more difficult by the day. Organizations are still faced with the need to adopt technology that allows for granular archiving, search, retrieval and deletion of emails, in order to comply with user requests.

    Data security strategies and solutions

    Mimecast services for ensuring data privacy and security of electronically stored information include:

    • Targeted Threat Protection: This data privacy and security service defends against sophisticated attacks like spear-phishing, ransomware and impersonation fraud that are often used to target the data held by legal firms.
    • Content Control and DLP: Mimecast scans every outbound email to identify content and prevent inadvertent or purposeful leaks. When an email appears to contain sensitive material, Mimecast can block it, quarantine it or encrypt it, depending on administrator-defined policies.
    • Secure Messaging: This Mimecast service enables users to send encrypted and secure email directly from their preferred email client.
    • Cloud Archive: Mimecast provides a centralized repository for all electronically stored information along with eDiscovery software that accelerates search and retrieval. With Mimecast, organizations can reduce the time required to comply with litigation requests, and ensure data privacy and security by storing triplicate copies of information in an encrypted archive in geographically dispersed data centers.

    Mimecast services for data security

    To help companies comply with GDPR for email management and data security, Mimecast offers cloud-based services for email security, archiving and continuity. As a fully integrated subscription service, Mimecast provides data protection solutions that offer state-of-the-art defense for email systems. Mimecast's advanced security services stop threats such as impersonation fraud and spear-phishing, as well as viruses, malware, spam and data leaks.

    Mimecast's multipurpose archive services ensure email availability through enterprise data protection and replication in the cloud. Granular control and powerful tools allow administrators to easily isolate and delete emails when EU residents withdraw their consent for use of personal data. And Mimecast simplifies email management and compliance for administrators, who can use a single intuitive web console to manage archiving, handle e-discovery, backup outlook emails, and other email management tasks.

    Learn more about data security for email with Mimecast, and about how to backup outlook emails with Mimecast archiving tools.

    Haut de la page