“Monitor user’s activity [all the time],” says Kelleher. For a single administrator, monitoring event logs and carrying out regular audits is a massive undertaking. A more realistic approach is to check the logs within the storage environment, rather than the entire network. “Logs have proven to be a source of great value if a security breach occurs and an investigation ensues,” says Kelleher. “This step allows you to better understand your firm’s use of resources, and helps you manage it more effectively.”
This one is pretty straightforward. “Access to data should be given only to those who need it,” says Kelleher, “even if the person trying to get to it happens to be your cousin or the boss’s son.”
The use of uncontrolled portable storage devices, such as flash drives and DVDs, puts considerable volumes of data at risk and should not be allowed in an unrestricted environment. “These devices are easy to lose and they can be stolen quite easily if left lying around,” says Kelleher. “In many cases, the data that is on portable storage devices is often not protected using encryption.”
Develop IT Policies
Kelleher advises all companies to implement stringent security policies with regard to how data is accessed, handled and transferred, knowing that technology alone will not protect a company’s data. “Strong and enforceable policies, along with employee and management’s awareness of possible breaches, will go a long way towards improving the level of security within an organization,” he says.
Last but certainly not least, workers shouldn’t leave their passwords written on sticky notes and pasted onto their monitors, nor should they divulge information to third parties without authenticating the request first. “The people using and creating the data are the greatest threat and weakest security link,” says Kelleher. “Security is more than just protecting data or placing it under lock and key – it’s also an exercise in managing people.”