External security threats are a top concern for most businesses, but threats that come from within can blindside an organisation.
Consequently, New Zealand organisations need to tailor policies, internal awareness regimes, and security tools to ensure protection from the inside out, as well as the outside in.
“Information is becoming a popular commodity for criminals around the globe, so companies have to do what they can to make sure that information stays safe,” says Stephen Urquhart, General Manager of Australia and New Zealand, Ixia.
“At the same time, our increasingly-connected world is opening up new ways for information to be lost, inadvertently shared, stolen, or appropriated by unauthorised agents. Companies need to protect this information from the inside.”
Going forward, Urquhart has identified three key components to designing an inside out security strategy to keep data safe.
1. Policy
Urquhart believes organisations should build security architecture with multiple layers to protect the areas of the organisation where most of the internal information assets reside.
“It is best if data is encrypted and companies should also implement a tiered permissions identification system,” he says.
“At the same time, businesses should implement an overall corporate security policy that all levels of management support. This helps to make sure everyone is on the same page with practical security measures, such as using stronger passwords and changing them regularly.”
2. Awareness
For Urquhart, companies should train employees to recognise cyber criminals’ tactics and understand how to avoid being tricked.
“Additionally, given that most ‘inside out’ data breaches are accidents, businesses need to teach employees how to manage sensitive information, stay up-to-date on threat intelligence reports, and be aware of the latest cyber-criminal exploits,” he adds.
3. Tools
Companies should implement a selection of tools that monitor streaming applications on the network to identify unusual behaviour or unknown network applications effectively.
“This can help prevent exploits from being discovered after it is too late to mitigate them,” Urquhart adds.
“Additionally, businesses should use testing solutions to make sure all programs are running as expected prior to deployment. This can ensure that data is kept where it is meant be kept, making it easier to protect.”