Data Security - Protecting The Data You Store
Updated: Jan 4, 2022
In our last blog we talked about physical security and protecting people and assets. This week let’s talk about protecting data that is stored. All data is stored on some sort of storage media, whether it be a hard drive, laptop, disk, tape, or portable media such as a USB drive. These devices are designed to hold onto the data it until it is needed, or simply for archival purposes. As data is being stored, it is considered “at rest”. Because data at rest includes large volumes of intellectual and personal data, it’s extremely desirable for hackers.
So, what can you do to protect data at rest?
Create a Perimeter Around the Data - Good data security starts with a strong perimeter. This is achieved by using firewalls, anti-virus software, and anti-intrusion software.
Encrypt the Data – Encryption is important for protecting confidential data. It makes readable content, unreadable. Once encrypted, a key or special algorithm is required to decrypt the data and make it readable again.
Control Access –People should have access to the information they need and restricted from data they don’t. Accomplishing this relies on user authentication and authorization. Network permissions can dictate what data a user can access and what actions they’re allowed. (The same concept extends to accessing the hardware that stores data.)
Destroy Data – Data security extends to data destruction. Policies and procedures should be in place to control how hardware, software, and all forms of media that house data are disposed of and destroyed. This is an important step in preventing data from accidentally landing in the wrong hands.
Identifying the types of information stored, knowing who has access to the information, and figuring out how it could be exposed are essential to data security. These details set the stage for building a strong data security strategy, specific to your company or situation.
Next week we’ll dig into network security and identify what it takes to protect data in transit.