CISA Cyber Essentials Toolkits: Your Data
The fifth entry in CISA’s series of Cyber Essentials Toolkits explores the necessity of data security and management. Are you absolutely sure your data is properly protected?
As a part of their Cyber Essentials resource, CISA has rolled out an additional six Cyber Essentials Toolkits. The fifth covers best practices for maintaining data security and integrity.
Why Is Secure Data Management Important?
Without comprehensive data security and management practices, you’re left vulnerable to any and all emergency situations, whether it’s a major meteorological event like a hurricane, common power outages, or the result of malicious or accidental employee actions.
Any of these consequences could happen to you:
- Permanent data loss as onsite copies of your data are destroyed
- Severe downtime as your business scrambles to replace lost data and get up and running again
- Major damage to your reputation as the quality of service you deliver to customers plummets
3 Reasons Your Data Needs Protection
- Maintaining Data Integrity: Whether it’s on your on-site server or stored in the cloud, you need to make sure your business’s data is protected and securely backed up.
- Maintaining Continuity: How can you expect your staff to work productively if they keep losing their work or have to rely on out-of-date data backups? Protecting data protects your bottom line.
- Mitigating Employee Risks: Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is:
  - Accidental Deletion: According to the 2019 Shred It Protection Report, 31% of small business owners report that human error or accidental loss by a staff member led to a data breach.
  - Malicious Insider Threats: Employees acting in bad faith can cause extensive damage as well. According to the 2018 Insider Threat Report, of 874 reported incidents, 191 were caused by malicious employees.
CISA explores the necessary levels of access control in Chapter 5 of the Cyber Essentials Toolkits.
CISA’s Essential Actions For Data Security
Your ability to protect your data comes down to the following considerations:
- Take A Data Inventory: You have to start from a place of understanding. Begin by taking stock of your data – what it is, where it is stored, etc. With that information, you can then move forward in protecting it.
- Monitor Network Activity: In addition to knowing where your data is and how it’s stored, you need to keep an eye on who is accessing your network. Manage network and perimeter components, host and device components, data at rest and in transit, and user behavior and activities.
- Implement Domain Name System Protection: DNS protection makes sure that unsafe sites cannot be accessed by your staff members on your network. This prevents any exposure to dangerous content that could infect your network with malware.
- Protect Against Malware: Make sure you have the appropriate standard defensive solutions in place, such as firewalls, anti-virus, and anti-malware software.
- Regular, Tested, And Comprehensive Backups: If you have a data backup solution, then it doesn’t matter what happens to your data onsite — you can just replace it with your backup, simple as that.
  That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
  Be sure to:
  - Back up data on a regular basis (at least daily).
  - Inspect your backups to verify that they maintain their integrity.
  - Secure your backups and keep them independent from the networks and computers they are backing up.
- Protect Your Backups: Your backups won’t be of any use to you if cybercriminals can hack them as well. Make sure your backups are protected by physical security and encryption, and keep offline copies as well.
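The backup checks listed above (a schedule of at least daily, plus an integrity inspection) can be automated. The following is an added example, not code from CISA's toolkit or from Kraft Technology Group; the JSON manifest layout, the file names and the function names are assumptions made for illustration.

```python
import hashlib, json, tempfile, time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600  # the page's "at least daily" schedule

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large files
            h.update(chunk)
    return h.hexdigest()

def list_files(backup_dir):
    root = Path(backup_dir)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())

def write_manifest(backup_dir, manifest_path, now=None):
    """Record the backup time and a SHA-256 for every file in the backup set."""
    files = {n: sha256_file(Path(backup_dir, n)) for n in list_files(backup_dir)}
    created = time.time() if now is None else now
    Path(manifest_path).write_text(json.dumps({"created": created, "files": files}))

def audit_backup(backup_dir, manifest_path, now=None):
    """Return a list of findings; an empty list means the backup passed."""
    manifest = json.loads(Path(manifest_path).read_text())
    now = time.time() if now is None else now
    stale = now - manifest["created"] > MAX_AGE_SECONDS
    findings = ["STALE: last backup is older than 24 hours"] if stale else []
    on_disk = set(list_files(backup_dir))
    for name, expected in manifest["files"].items():
        if name not in on_disk:
            findings.append(f"MISSING: {name}")
        elif sha256_file(Path(backup_dir, name)) != expected:
            findings.append(f"MODIFIED: {name}")
    findings += [f"UNEXPECTED: {n}" for n in sorted(on_disk - set(manifest["files"]))]
    return findings

def demo():
    """Constructed sample: build a tiny backup set, audit it, then damage it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp, "backup")
        backup.mkdir()
        (backup / "ledger.csv").write_text("id,amount\n1,100\n")
        (backup / "clients.db").write_bytes(b"constructed sample data")
        manifest = Path(tmp, "manifest.json")  # kept outside the backup set
        write_manifest(backup, manifest, now=1_000_000)
        clean = audit_backup(backup, manifest, now=1_000_000 + 3600)
        (backup / "ledger.csv").write_text("id,amount\n1,999\n")  # silent change
        (backup / "clients.db").unlink()                          # lost file
        damaged = audit_backup(backup, manifest, now=1_000_000 + 30 * 3600)
    return clean, damaged
```

Store the manifest away from the backup it describes, so that anyone who alters the backup cannot also rewrite the expected hashes.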
Kraft Technology Group Will Help You Protect Your Data
Implementing one or two of these standards may seem simple, but all of them? That may be a little difficult for you to handle, and that’s OK.
Kraft Technology Group will help.
Talk to our team to make sure your systems are secure and in line with CISA’s Cyber Essentials Toolkits.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.