Filip Cotfas has an impressive background in sales and project management. As a Channel Manager at CoSoSys, he is utilizing his extensive skills for the daily operating efficiency with a focus on the South Asia, Middle East and Northern Europe markets. Filip`s main responsibility is handling the existing Customer portfolio, as well as acquiring additional revenue streams, mainly by coordinating with the existing partners or enabling new partnerships, in order to help more customers benefit from our award-winning Data Loss Prevention solution. In the past years, he has been developing the sales strategies for his markets and built a successful relationship with channel partners.
Businesses appear to be more concerned than ever about data security these days. The hybrid working model, uncharted IT environment, increasing adoption of cloud services, and sophisticated nature of cyber criminals have all resulted in massive data breaches with severe consequences. Regardless of the changing scenario, the accepted and well-known fact remains that data security breaches are avoidable. Although each organization has its own goals and objectives in terms of data security, there are some common mistakes that businesses make when it comes to data security. Worse, these errors are frequently accepted as the norm, hidden in plain sight under the guise of standard procedure.
The five most common mistakes are listed below; they can lead to unforced errors and contribute to the most significant data breaches.
Failure to go beyond compliance: It is commonly stated that compliance does not equal security, and most security professionals would agree. However, organizations frequently focus their limited security resources on achieving compliance and then become complacent once they receive their certifications. As a result, many of the most significant data breaches in recent years have occurred in technically compliant organizations.
Keeping it too simple: The first and most important guidelines that every company follows is to keep their operating systems up to date and install firewalls and antivirus software. Companies will also place a premium on antimalware protection. While these are important components of the Social Media strategy, they are also too simple and basic steps that any company should take to protect its network and the sensitive data stored on it.
Many high-profile data breaches are the result of malicious outsiders. Still, only a portion of these cyberattacks is carried out using brute force and what are now considered traditional hacking methods. Many of them are the result of poor password practices or gullible employees who fall prey to social engineering. Companies must therefore educate their employees as well as implement additional safeguards to mitigate potential outside interference in the workplace.
Forgetting about human error: One of the most common mistakes companies make when developing their data protection strategy is failing to account for human errors, whether intentional or unintentional. It is essential not to overlook the impact it has. When it comes to external threats, employees can be both a critical link and the weakest link. Employees, some with a vested interest and others unknowingly, may share sensitive company information. They may inadvertently email sensitive information to the wrong sender or hit reply all on a lengthy email chain containing outsiders, or they may make something public, leave their computer unlocked so that others can tamper with it, or completely forget about sensitive data they once stored on their computers.
Though these may appear to be minor and insignificant errors, they can cause significant problems in some cases. This is one of the primary reasons why organizations should implement DLP (Data Loss Prevention) solutions that focus on protecting specific data rather than the entire system. This makes it easier to regulate its transfer or use.
Disregarding shadow IT: To double their productivity, employees tend to use unauthorized applications and IT services in the workplace and, in many cases, even surpass the IT regulations of the corporate network. This is when most businesses have been suffering from Shadow IT, knowingly or unknowingly.
Unfortunately, because of the prevalence of internet-based services, completely eliminating shadow IT is a daunting. As a result, it’s easier for businesses to simply adopt tools that directly protect sensitive data rather than attempting to guess how many tools their employees may be using behind their backs.
Ignoring data on the move: Employees can now work from home, the office, or even on vacation from a distant location, thanks to the hybrid working model. Though this has increased productivity, it has also enabled loose endpoints, which means that their laptops are no longer protected by corporate network security, leaving them vulnerable to insecure internet connections and tampering. They are also victims of physical theft of their laptops, which compromises the data.
Companies have spent a fortune securing their internal networks. Still, they have paid no attention to the threat to data on the move or to enforcing policies such as hardware encryption and VPNs that focus on external threats. DLP can help organizations secure sensitive data even when employees are on the move.
Every organization must keep track of data activity. It is challenging to secure sensitive data in today’s threat landscape, but businesses can take steps to ensure that adequate resources are allocated to their data protection strategy. Furthermore, early conversations with key business and IT stakeholders are essential for understanding short- and long-term business objectives.