One of the biggest risks to organisations and the security of data is the failure to keep security protocols up to date. For organisations yet to formalise their cyber-strategy and develop IT policies for their staff, the time to take action is now. For those that have this in place, revisiting their policies as frequently as needed is critical.
The risk to organisations continues to grow. Cyber-criminals are becoming more and more sophisticated with their approach. Email, unsolicited phone calls and text messaging are now commonplace, with the emphasis placed on individuals not engaging in dialogue or opening and clicking on any malicious links.
Organisations need to identify clear guidelines on what action should be taken should there be an intrusion and how they are best placed to respond and take corrective action.
Technology types and risk to asset data
In our previous infographic, we explained the risks associated with technology in itself. Technology such as PSTN, RF, GSM, Bluetooth and Zigbee all use open networks that allow anyone to intercept, decode and use the data to their advantage. This places systems connected to them more susceptible to cyber-attack.
Satellite connectivity, on the other hand, operates on a secure, closed network. It is low risk, operating on L-Band Channel security that offers less chance of interception or eavesdropping of the RF channel. It also offers the convenience for asset managers, where assets can be monitored through a Data Management Systems (DMS).
What can organisations do to protect their data?
Building levels of protection into Data Management Systems (DMS) is the best strategy for data security. This provides protection not only for the business but also its users, who may be unaware they are a victim of malware and who unintentionally provide a gateway for access.
What types of security should be built into DMS Systems?
Key design considerations for a data management system should include:
- A minimum of AES-256 encryption and SHA-256 data protection – to encrypt and decrypt Personally Identifiable Information (PII) and asset data.
- Segregation of PII and configuration data from asset data – should a security breach occur, keeping this data separate in different databases protects your PII data from being compromised.
- Utilize multi-factor authentication for users (MFA), enforcing complex passwords, frequent password updates help to keep systems secure. Set unique passwords for each platform so that in the event there is a breach, the impact is contained to one platform.
- Ensure the “Active Directory” is not publicly accessible. If the active directory is made public and an exploit is found, this can give access to the entire company network, financial systems and intellectual property.
- Create access layers to separate the database, API, front-end systems – giving access permissions to only those that are authorised. This helps to alleviate the human error factor.
- Enable end-to-end encryption for users such as SSL/TLS certificates – telling users that the system is secure.
- Conduct penetration testing of your own DMS system continuously. This helps to understand ongoing network threats.
- Develop backup and restore data management policies to mitigate the chance of loss.
What to do next
If you haven’t already done so, the first step is to develop your cybersecurity strategy and IT policy. Utilise outside consultants if necessary to help you shape the appropriate policies for your business.
The second step is to undertake a risk assessment of your data management system. It is important to address any possible entry points for a breach and develop an action plan should an intrusion occur.
For further information on this topic, watch the Sealite webinar “Technology Risk to AtoN”.