By Lisa McLaughlin
What do we know for sure? Adversaries, attackers, criminals, and hackers are going where the data is. Criminals are taking a stab in the dark, looking for your weaknesses, and are using an unprecedented number of weapons to do so. What is the best way to keep on top of these threats, and how can you best ensure the security and confidentiality of your most sensitive data?
SS&C is a publicly traded financial software and services company with a $5.1 billion market capitalization. Founded in 1986 as a global provider of investment and financial software-enabled services and software, SS&C has been addressing the impact of cyber-security risks as part of our ongoing security initiative for many years. Our experience makes us an important partner in helping other organizations protect their data.
At SS&C we believe security is an ongoing effort, and to that end we rely on a multitude of rich controls. To maintain vigilance, we routinely verify our controls by conducting numerous internal and external assessments, including audits, to ensure the security of our data.
If you’re interested in protecting yourself from cyber criminals, begin by knowing your worst-case scenario. Know where your most valuable data is located, how it is accessed, and from where. Take a foundational step in the development of a comprehensive privacy and security program for your company by adopting a structured and consistent risk methodology that includes risk assessment and risk treatment. You can’t manage the risk if you don’t know what it is. The objective here is to be able to identify the risks within your organization and then advise on appropriate controls to mitigate them or reduce their impact.
No single tool will solve all cyber issues. To secure your most sensitive data with access controls, begin with a defense-in-depth approach: a layered set of management and technical controls that support each other at different levels within networks, systems, or applications.
Since security is an ongoing effort that combines technologies as well as robust processes, don’t forget about the human side: ensure you provide your system users with ongoing training that gives them the ability to be a human firewall against security breaches.
When building your layered defense, use different controls at different points to help mitigate any weaknesses. This strategy helps to ensure that if one area or control fails, there are other compensating controls to maintain the integrity of your most sensitive data. Take the extra step by segregating your network into different zones; this allows you to protect your most sensitive data behind a number of locked doors. Simply put: strategize, and keep investing in that strategy as the risks change.
The views expressed herein are those of the author and do not necessarily reflect those of SS&C.