IoT
IoT
IT Leadership // Security & Risk Strategy
Commentary
1/11/2016
08:06 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
50%
50%

4 Data Security Tips For CIOs

Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Here are four tips to help turn your organization -- and your data -- into less appealing targets for the bad guys.

Insider Threats: 10 Ways To Protect Your Data
Insider Threats: 10 Ways To Protect Your Data
(Click image for larger view and slideshow.)

Several high-profile data breach cases from last year have put security front-and-center for many CIOs and IT professionals I work with on a daily basis. It's also the one area CIOs tend to lose the most sleep over.

While no organization can be completely protected, strategies can be put in motion to significantly reduce the potential of a data breach -- or at least minimize the impact when a breach does occur. Here are four ways CIOs can prepare to handle security threats in the next 12 months and beyond.

1. Get a Handle on Endpoint Devices.

BYOD is mainstream. The number of connected Internet of Things (IoT) devices in use is expected to surge beginning early this year. It's key that your IT organization is able to actively identify, monitor, and control any device that attempts to access corporate resources.

Adding in technologies such as identity and access management should be at the forefront of most CIO to-do lists this year. Visibility out to the edge is no longer a nice-to-have capability, it's an absolute necessity.

2. Data Extortion: What's your plan?

According to research from TrendMicro, data theft for the purpose of extortion is likely to be on the rise. In such situations, time is not on your side.

[What's in your career improvement plan? Read 10 Skills CIOs Need to Survive, Thrive in 2016.]

Work with your counterparts in information security, governance and compliance, HR, and legal to develop plans of action that specifically address different types of extortion scenarios. Consult with law enforcement groups and security experts to make sure you're covering all your bases and minimizing your risk as much as possible.

3. Social Engineering Training

It may seem absurd that in 2016, CIOs still must train employees against social engineering attempts. But social engineering attacks are growing increasingly sophisticated and can fool even the savviest of employees.

(Image: MF3d/iStockphoto)

(Image: MF3d/iStockphoto)

Younger employees may be your greatest risk, as they're already accustomed to different views about personal privacy, leading them to expose your organization by openly sharing on social media all manner of details about their professional lives and the places they work. Such information can be easily mined to form a tailor-made spear-phishing email that will gain the trust of an employee. Once that's done, it's game over.

Don't wait to start training your employees in how to avoid becoming a victim of social engineering.

4. Hire a Data Protection Officer.

If 2015 taught us anything in the world of data security, it's that it can't be quarterbacked by the CIO alone. In 2016, one of the fastest growing IT security management roles is likely to that of a Data Protection Officer (DPO).

The role is a regulatory requirement for enterprise organizations in some parts of the world. A DPO is responsible for the legal and technical details behind your data security strategy. From there, the guidance can percolate up to the CIO and be put into action throughout the organization.

Security challenges facing CIOs will continue to escalate because the payoffs are high for perpetrators, and risks are relatively low. Until something changes to level the playing field, CIOs are going to have to do whatever they can to turn their organizations -- and their data -- into less appealing targets for the bad guys.

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 15, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 15, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.