eWeek has published a set of guidelines to avoid the next data breach. Although most of these lists overlap for the most part, each author has a something of value to add and it’s always valuable to re-examine your own guidelines against these lists.

eWeek notes, with much truth, that most data breaches are not the result of a single failure but rather multiple failure points in company data security practices. It is one thing to create a security policy - it is quite another to keep it updated, to translate it into processes and systems, and to communicate it effectively to all stakeholders.

eWeek’s Seven key measures to keep your data safe:

1. Have a viable, up-to-date security policy - what to protect, risk assessment, response procedures to any breach. Keep revising - security is not static! And communicate the policy to all employees (and contractors)
2. Know your sensitive data and safeguard it - restrict access, prevent copying, have specific rules for mobile data devices
3. Apply the least privilege principle: Give users and applications the minimum required access, especially as regards sensitive data
4. Encrypt data in motion - use strong standards coupled with other mobile security safeguards
5. Encrypt data at rest - but do not be free with the access keys, or the security will not be valuable
6. Monitor database activity - real-time auditing to detect unauthorized access early
7. Regularly check and harden configuration of components - use tools to find bad configuration, weak passwords, etc

Each step you take to improve your data security closes a vulnerable point - the more you do, the better your data security will be.

Tags: data breach, data management, data security, it security, breach, breach prevention, business security