Some simple, but essential security practices for organisations to embrace are as follows:
- Focus on essential controls. Many enterprises make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organisation without exception.
- Eliminate unnecessary data. If you do not need it, do not keep it. For data that must be kept, identify, monitor and securely store it.
- Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also, ensure that your enterprise is limiting access to sensitive information within the network.
- Audit user accounts and monitor users with privileged identity. The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges and using separation of duties. Managers should provide direction, as well as supervise employees to ensure they are following security policies and procedures.
- Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the minutae. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
- Be aware of physical security assets. Pay close attention to payment card input devices, such as ATMs and gas pumps, for tampering and manipulation.