What?
What is Data Security?
Data security consists of many layers, where the most common are Firewall and anti-virus software, but this is only a small part of what should be done to ensure a company from potential harm.
Data security should consist of as many layers as possible, because hackers not only uses one tactic, but all of tactics at their disposal, that is why companies today also should make use of all the different products / protections that are on the market today to ensure their Data Security.
Why?
Why should a company think Data Security?
There is no business today that can abdicate that they have not been exposed to hacking attempt, whether it is "just" Phishing or the corresponding attack, these should still be seen as hacking attempts.
All companies that have a presence on the Internet, even if this is just a website,should be thinking about security which includes this presence, and the company should also have thought about what it might mean for the them if that presence in some way could be compromised, even if this is only defacing or DOS (Denial-of-service attack) / DDOS (Distributed Denial-of-service attack), there must be thought about what effect it may have on the company's customers, reputation, employees and accounting.
How?
How Can Data Security help my Company?
Data Security can help to ensure your data is not lost even if it is acidic employee or a hacker obtains access to systems that they should never have access to.
Data Security should be implemented in the company in a way that all parts of your business are covered in one way or another. This can for instance be that there is a firewall, an IDS / IPS, that your mail server both virus scans and checks for known spammers via DNSBL / RBL, that all your web-based solutions are regularly Dynamic scanned for vulnerabilities, that all proprietary programs becomes static scanned for errors and vulnerabilities, and that all software in the enterprise infrastructure logs everything to a SIEM solution.
Who?
Who should think Data Security?
All companies need to think about Data Security since it is not only external hackers, but also internal that needs to be protected against.
There is much talk in the media about hacking, and this trend is increasing rapidly, it has something to do with how easy it is to get access to the tools that can be used to hack with. What is important to think about here is not only what would happen if the company's website is being hacked, but more what would happen if hackers can gain access to the internal network due to an error on the website, and thus gain access to confidential data that is vital for the company, or if the hackers can change the company's Web site in a way where they can redirect the sign in for existing or new customers to a page / site they control and thereby get them to enter their sensitive data, and now the hackers can use that sensitive data to exploit their account data on the company's website.
All companies today have customers, and with that in mind the company have sensitive data that is unique to them, this data is the entire livelihood of the business, so what would happen if this data disappeared?
Basically, it is conceivable that it is not the a great disaster when the company has a functioning backup solution and that it is "just" to restore the data that is lost from the latest backup, but now this data is not unique any more, this could mean that a new or existing company, could come in and try to steal all the existing customers, and thereby the future customer base for the business?
It is here that the Data Security is coming in, and as described above Data Security is composed of many layers that can / must work together to protect corporate data, and thus revenue, employees and future business.
There are many solutions on the market today, and it all comes down to finding the appropriate one for the company, but it is usually never enough just to have a firewall and anti-virus solution.