Data breaches are an unauthorized access to personally identifiable information that is held or transmitted by companies. These unauthorized “attacks” can negatively impact companies in three ways. Reputation damage, regulatory fines, and ultimately released workers. To avoid the three R’s of a data breach, the organization must focus resources on a security strategy to protect their customer’s information. This is a very tricky situation when there is also an inbound marketing strategy that involves search engine optimization and attracting potential customers.
An inbound marketing strategy is a customer centric methodology that begins with attracting strangers and converting them to delighted customers that will promote the organization. The buyer’s journey involves using stage-driven content to attract and convert visitors into customers. Part of the conversion process involves the use of forms that collect data. With the heightened awareness about sharing information online, this could present a challenge when trying to obtain lead information.
Click here to see 8 Ways to Prevent Data Breaches
End User Security Training – Organizations should embrace a culture that holds the end-users responsible for ensuring security. This means that there needs to be management buy-in. According to Dan Lohrmann, companies should not stick with old security programs that may not consider updated threats. There should also be a push to have different training delivery modalities to hit on various employee learning styles. Don’t confuse security training with cyber awareness or make these programs options. Focus on changing behavior and engaging the staff. (Lohrman, 2014)
Create and Enforced Encryption Policy – Encryption policies should be internal and external expectations. Suppliers should be held to the same encryption standards as the company using them. “The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or other computer networks. Modern encryption algorithms play a vital role in the security assurance of IT systems and communications as they can provide not only confidentiality, but also the following key elements of security:
Here are some useful links for more on encryption:
- Gain insight into data encryption methods for securing endpoints.
- Check out the winners of the Readers' Choice Awards for best encryption products.
- Explore how mobile device encryption helps protect sensitive data.
- Discover how full-disk encryption can save IT grief from lost laptops.
- Learn more about data encryption from the Electronic Frontier Foundation.
Deploy Intrusion Detection and Prevention - “Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in your system. The point of looking for unauthorized intrusions is to alert IT professionals and system administrators within your organization to potential system or network security threats and weaknesses.” (Beal, 2005)
Implement Content Filtering – “On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable. Content filtering is used by corporations as part of internet firewall computers and also by home computer owners, especially by parents to screen the content their children have access to from a computer” (Rouse, 2014)
“Content filtering usually works by specifying character strings that, if matched, indicate undesirable content that is to be screened out. Content is typically screened for pornographic content and sometimes also for violence- or hate-oriented content. Critics of content filtering programs point out that it is not difficult to unintentionally exclude desirable content” (Rouse, 2014).
“Content filtering and the products that offer this service can be divided into web filtering, the screening of Web sites or pages, and e-mail filtering, the screening of e-mail for spam or other objectionable content” (Rouse, 2014).
Perform Regular Vulnerability Assessments – “ Vulnerability analysis consists of several steps, starting with defining and classifying network or system resources, assigning relative levels of importance to the resources, identifying potential threats to each resource, developing a strategy to deal with the most serious potential problems first, AND defining and implementing ways to minimize the consequences if an attack occurs” (Rouse, vulnerability analysis, 2006).
Here are some useful links for more on vulnerability assessments:
- Primatech, Inc. describes the technical aspects of industrial cyber security vulnerability analysis
- Diana Kelley explains how to use vulnerability management data effectively
- Writing.com has published an article entitled 'The Dark Side of White Hat Hacking'
- This SearchSecurity.com tip looks at vulnerability analysis service providers
- Mike Chapple explains how to protect your applications from file format vulnerabilities
- Mike Rothman discusses how to measure security risks, threats and vulnerabilities
Apply a Patch Management Program – “It's obvious that patch management is a critical issue. What is also clear is the main objective of a patch management program: to create a consistently configured environment that is secure against known vulnerabilities in operating system and application software.” (Chan, 2004)
Employ System Monitoring – “Everything your team does on company time -- and on company resources -- matters. Time spent on frivolous websites can seriously hamper productivity, and visiting objectionable sites on company PCs can subject your business to serious legal risks, including costly harassment suits from staffers who may be exposed to offensive content.
Other consequences may be far worse than mere productivity loss or a little legal hot water. Either unintentionally or maliciously, employees can reveal proprietary information, jeopardizing business strategy, customer confidentiality, data integrity, and more” (Strohmeyer, 2011).
Back Up Data - The top 4 reasons why your backup and disaster recovery plan should be a priority. Machines and hardware fail, humans make mistakes, nature is unpredictable, and customers want access 24/7/365. (QTS Realty Trust, 2013)
An inbound marketing strategy is a customer centric methodology that begins with attracting strangers and converting them to delighted customers that will promote the organization. The buyer’s journey involves using stage-driven content to attract and convert visitors into customers. Part of the conversion process involves the use of forms that collect data. With the heightened awareness about sharing information online, this could present a challenge when trying to obtain lead information. It is important to consider the 8 ways to prevent data breaches to maintain your reputation so that potential customers will not be concerned with providing data on forms.
Beal, V. (2005, July 15). Intrusion Detection (IDS) and Prevention (IPS) Systems. Retrieved November 18, 2016, from webopedia: http://www.webopedia.com/DidYouKnow/Computer_Science/intrusion_detection_prevention.asp
Chan, J. (2004). Essentials of Patch Management Policy and Practice. Retrieved November 18, 2016, from ProjectManagment.org: http://www.patchmanagement.org/pmessentials.asp
Lohrman, D. (2014, March 9). Ten Recommendations for Security Awareness Programs. Retrieved November 18, 2016, from Government Technology: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Ten-Recommendations-for-Security-Awareness-Programs.html
QTS Realty Trust, I. (2013, December 20). 4 Reasons Why You Need a Backup and Disaster Recovery Plan. Retrieved November 18, 2016, from QTS Realty Trust, Inc.: http://www.qtsdatacenters.com/resources/blog/2013/12/21/four-reasons-why-you-need-a-backup-and-disaster-recovery-plan
Rouse, M. (2006, March). vulnerability analysis (vulnerability assessment). Retrieved November 18, 2016, from Target tech: http://searchmidmarketsecurity.techtarget.com/definition/vulnerability-analysis
Rouse, M. (2014, November). encryption. Retrieved November 18, 2016, from Searchsecurity: http://searchsecurity.techtarget.com/definition/encryption
SonicWall. (n.d.). SonicWall Content Filtering Services. Retrieved November 18, 2016, from SonicWall2016: https://www.sonicwall.com/content-filtering-services/
Strohmeyer, R. (2011, March 22). How to Monitor Your Employees' PCs Without Going Too Far. Retrieved November 18, 2016, from PCWORLD: http://www.pcworld.com/article/222169/how_to_monitor_your_employees_without_going_too_far.html