
Three Pillars of Data Security

Among the many institutions affected by internet threats, accounting institutions are especially vulnerable to threats such as viruses, hacking and malware. Since theft is often the goal of these attacks, accounting institutions are particularly susceptible to legal action resulting from fraudulent bank activity directly related to malicious external exploits.
Considering the extreme sensitivity of the data that is being stored and processed day after day, it is especially critical for companies in the accounting sector to protect internal information systems, including electronic communication between and among staff and clients. The security of your confidential data is just as important whether your company has 10 or 10,000 employees.

The three components that make up a sound data-security strategy are as follows:

Protect Against Physical Breaches
Data security starts at your front door. An alarm system including surveillance cameras will protect your facility in general. Your server room will require systems to monitor humidity, temperature and water on the ground. Also, physical access to all data-storage areas (e.g., filing cabinets, desk drawers, workstations and servers) should be strictly controlled at all times.

Protect Against Technological Breaches
How you deploy an effective security strategy will be influenced by a host of factors: budget, IT staff experience and unique company requirements. You may choose to locate the mission-critical elements of your infrastructure on-site, in a secure off-site data center or "in the cloud." Management might be assigned to your in-house IT staff or outsourced to a managed service provider.

As with physical security, protecting your network starts at the edge: A network firewall is your first line of defense in blocking unauthorized access to your systems and data. Current firewalls provide URL and application filtering, intrusion prevention, anti-virus scanning and remote access via virtual private networks and SSL encryption. Many firewall solutions also enable secure wireless connectivity within your office.

Moving inward from your firewall are several additional layers of security you should address. File and folder permissions should be diligently audited on all server resources. Your staff should have access only to documents and applications necessary to perform their jobs.

Also, since e-mail has become the standard method of document delivery in the accounting industry, all e-mails (inbound or outbound) containing confidential or otherwise sensitive information should be encrypted. Additional security measures include Data Loss Prevention (DLP), voice system security, two-factor authentication, endpoint security, full-disk encryption, port protection and client anti-virus and anti-malware.

All of these security measures are for naught if you suffer a server failure or other catastrophic loss of data. A well-executed backup plan is essential, and while there are several different approaches to disaster-recovery planning, most adhere to some permutation of the old 3-2-1 rule. In short: keep three copies of any important file (primary and two backups); the file should be on two different media (e.g., DVD and external hard drive); and one backup copy should be stored offsite.
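The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the record layout, the file names and the function name `check_3_2_1` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: one record per stored copy of a file.
# "role" is "primary" or "backup", "media" is the storage type, and
# "offsite" marks copies kept away from the office.
INVENTORY = [
    {"file": "client-ledgers.db", "role": "primary", "media": "server-disk", "offsite": False},
    {"file": "client-ledgers.db", "role": "backup", "media": "external-hdd", "offsite": False},
    {"file": "client-ledgers.db", "role": "backup", "media": "dvd", "offsite": True},
    {"file": "payroll.xlsx", "role": "primary", "media": "server-disk", "offsite": False},
    {"file": "payroll.xlsx", "role": "backup", "media": "server-disk", "offsite": False},
    {"file": "tax-returns.zip", "role": "primary", "media": "server-disk", "offsite": False},
    {"file": "tax-returns.zip", "role": "backup", "media": "external-hdd", "offsite": False},
    {"file": "tax-returns.zip", "role": "backup", "media": "external-hdd", "offsite": False},
]


def check_3_2_1(inventory):
    """Return {file: [failed rule parts]} for files that do not meet 3-2-1."""
    copies = defaultdict(list)
    for record in inventory:
        copies[record["file"]].append(record)

    findings = {}
    for name, records in sorted(copies.items()):
        backups = [r for r in records if r["role"] == "backup"]
        has_primary = any(r["role"] == "primary" for r in records)
        problems = []
        # 3: a primary copy plus at least two backups
        if not has_primary or len(backups) < 2:
            problems.append("copies")
        # 2: the copies must sit on at least two different media types
        if len({r["media"] for r in records}) < 2:
            problems.append("media")
        # 1: at least one backup copy must be stored offsite
        if not any(r["offsite"] for r in backups):
            problems.append("offsite")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in check_3_2_1(INVENTORY).items():
        print(f"{name}: fails {', '.join(problems)}")
```

Files that satisfy all three parts of the rule are omitted from the result, so an empty dictionary means the whole inventory complies.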

Last, your security systems should be tested rigorously for any weaknesses or missing elements. This is usually done by a third party, and typically involves four tests: PCI scanning, internal/external vulnerability assessment, risk assessment and web-application penetration testing.

Protect Against Communication Breaches
Technology alone is not sufficient. The most comprehensive security plan will fail if it isn't clearly documented, and if employees are not adequately trained on it.


Start with a basic documented security policy
A first step might be a policy document governing appropriate usage of company assets: e.g., computer and e-mail usage, personal storage/laptop/phone usage, etc. This policy document can grow as your security policy expands.

Give staff adequate training
Again, a security policy is useless if your employees don't fully understand and agree to abide by it. Schedule training sessions where your staff is given an overview of the nature and breadth of today's threat landscape and how to identify the more prevalent threats: physical, social engineering, social media, spyware, phishing and fraud.

At a time when so much of your business is conducted online and so much of your critical data is stored electronically, your continued success is more dependent than ever on the success of your internet security plan.

Hillel Sackstein

Hillel Sackstein is President and CEO of Virtual Graffiti, an IT solutions provider that specializes in business, government and education. Recognized as one of the fastest-growing IT solution providers in the nation by Inc. Magazine, CRN and the VAR500, Virtual Graffiti has more than 55,000 customers worldwide and has sustained an annual growth rate of 30 percent over the past ten years. The company's product teams help customers make smart IT buying decisions while lowering IT budget costs and improving efficiency. For more information, please visit www.virtualgraffiti.com.
