Awareness is Key to Data Loss Prevention

There have been numerous recent reports highlighting corporate cybersecurity vulnerabilities. One of the most notable recurring trends is that many companies are completely unaware of a cyberattack until well after it has infiltrated the network and caused a great deal of havoc. In fact, the majority of cyberattack victims, private and corporate, learn of the attack through a third party, usually a division of law enforcement.

By increasing their awareness of cybersecurity measures and actively monitoring its networks for suspicious actions and irregularities, companies can greatly improve their data protection.

One of the most important steps recommended by industry experts is enabling security event logging. Event logging is one of the most effective means of keeping a close eye on both what is happening and what has happened on your network. This means that actively monitoring security event logs can provide a warning that malicious behavior is occurring on a network, or help an IT department determine the cause of a prior problem.

However, it is not enough to simply enable security event logging, as companies must also be diligent in its implementation. Roger Grimes, writing for InfoWorld, emphasizes that it is crucial for event log monitoring to apply to all workstations, not just servers. By the time a hacker's cyberattack has reached a company's servers, it will almost certainly have moved through an employee's computer, gaining credentials in the process. This makes combatting the cyberattack significantly more difficult than if it had been identified initially.

Grimes also encourages IT departments to increase their knowledge of what applications are installed and running on company computers. Too often, IT professionals fail to account for the numerous programs which are installed on employees' computers, including those which come pre-packaged. Understanding the programs employees are running can greatly increase a company's data loss prevention capabilities.