Following on from our introduction to user-driven security, and why people are seen as such a risk in business. We are now looking at the three main steps you can take to turn your people from a risk into your greatest security assets:
Step 1 – Educate your users
Build a custom training program for your employees that encompasses all areas of security, but places a particular focus on data. This will teach users the value of the data they are handling to ensure they work with data in a way that complies with your internal security policies and adheres to the relevant regulations.
Step 2 – Classify your data
How can you appropriately protect data if you don’t know its true value? (Answer: YOU CAN’T!). In the same way that when you move house, if you had a lorry full of brown boxes with no labels, you’d be in a bit of a mess at the other end, exactly the same applies to data. You should be able to quickly identify how sensitive the content is and how it should subsequently be handled, stored and protected. Boldon James Classifier applies both visual labels and metadata to ensure users and downstream technologies handle the data appropriately. Classifier is a user-driven tool that prompts users to classify data at the point of creation. To avoid mistakes and further improve user education, the tool scans data to ensure the label selected adheres to your policies and prevents the ‘under-classification’ of data. So essentially working on a ‘Trust but Verify’ basis.
Step 3 – Enhance your existing technologies and enforce your security policies
User training and data classification enables businesses to enforce their security polices in a way that is difficult to achieve by any other means. The metadata applied during the classification process can be read by several complimentary technologies and enhances their performance. For example, Data Loss Prevention (DLP) tools can simply scan the metadata and apply relevant handling rules based on this.
In the final instalment of this three part series, Aaron will discuss the 3 main benefits of taking a user-driven approach to your security.