Implementing a comprehensive approach to cybersecurity and data protection is the first proactive step towards strengthening the security posture of any business.
The Cybersecurity Framework 2.0 from the National Institute of Standards and Technology (NIST) is an excellent resource that helps companies achieve better security, as it offers guidelines and best practices for managing security risks. ISO/IEC 27001, the world’s best-known standard for information security management systems (ISMS), also provides companies of any size with advice for establishing, implementing, maintaining, and continually improving an ISMS.
Byron Horn-Botha, Arcserve Southern Africa business unit head, says that while these frameworks cover most of the areas companies need to consider as they enhance data security, there are specific actions that need to be taken if improvements are to be achieved and make a significant difference to the business.
“These include conducting regular risk assessments to identify vulnerabilities and potential threats, thereby enabling businesses to prioritise their security efforts and allocate resources accordingly.
“Also, implementing strong access controls, including multifactor authentication (MFA) and the principle of least privilege, which grants users only the minimum access required to do their jobs, are essential steps in the journey to a better security posture,” says Horn-Botha.
He highlights the importance of encrypting all sensitive data both in transit and at rest. “Regularly updating and patching systems to ensure the removal of vulnerabilities that hackers often exploit is vital. Moreover, never underestimate the importance of staff education programmes in security best practices, including advising them on how to recognise ransomware and other social engineering schemes. This should be followed by training them to know what to do if they encounter anything suspicious.”
Horn-Botha notes that the implementation of robust firewalls and intrusion detection and prevention systems that thwart unauthorised access or malicious activities must be high on any company’s security checklist.
“According to the Information Regulator, it is open season for security compromises in South Africa, with the entity receiving more than 150 data breach notifications a month. This is not something business leaders can take lightly. It is crucial to conduct regular security audits and assessments.
“Arcserve advises companies to also add a security information and event management (SIEM) system to their security armoury – so they can collect, monitor, and analyse security logs. We support our customers with advice founded on the latest global technology advancements and our extensive experience and IP,” he concludes.