An intense focus on infrastructure cannot diminish the necessity of protecting raw data and keeping it safe. To guard against cyber-security, it is essential to consider the human element and review and revise policy with three essential components in mind.
Cyber-security best practices:
- Understand the risk and avoid the problem. Just because a system has never been hacked is no justification to feel completely secure. Yet, there seems to be a tendency to stay with what appears to be working only because no data has either been breached or identified as being breached. This is no time to be complacent. The risks are there, and managers have to accept that fact-of-life and work with technology to assure data protection on a regular basis.
- Challenge what you are being told. Learn from the experience of hacking victims. Executives and administrators need to mandate data breach studies for comparative analysis. There is no better way for the organization to determine if its data is equally vulnerable and susceptible to similar attacks. Review the human element along with the history. “We’ve got it covered” may be only a temporary truth.
- Test the people with the process. Require a full examination of infrastructure technology, data monitoring committee (DMC) policies, alert policies and ability to protect the system. Conduct testing (not limited to technology) on a frequent basis. Investigate the human element along with the infrastructure to pinpoint the relevant metrics that can yield actionable protective measures. Independent technology consultant, David Malmstedt, put it best, “Keep trying to break what you have to make sure no one else will break it.”