[How-to] Protect Your Company Executives and Data
Cybercrime is an ever-present and growing concern for organisations. 2013 saw a 62 percent increase in the number of reported security breaches from 2012, and 552 million online identities were exposed. Already in 2014 we have witnessed new and more sophisticated attacks, which pose an increasing threat to business security.
While organisations are becoming increasingly aware of online security threats and understand the need to keep technology used to protect information assets up-to-date, few match their defences to the different levels of threat posed across different types of data, device and users.
Critical but often overlooked are the specific threats posed to (and by) a company’s executives and other privileged users.
These roles require personalised attention as these users frequently have access to confidential and business critical information, and need flexibility to access that information remotely. This puts executives at high risk of being compromised and increases the security risk to the organisation.
Criminals know executives are privy to the most sensitive data and often specifically target them. Because they often travel for business, executives are at increased risk of spyware attacks, for example, while using networks with limited security such as hotel WiFi or WiFi hotspots.
They also have a higher risk of equipment theft, loss and damage (pen drives, laptops and mobile ‘phones dropped or left in taxis, during border searches, etc.).
Yet time pressures mean executives are likely to be unavailable for security training – even when they have mandated it for the rest of the organisation. They often also bypass security protocols and put pressure on IT to grant administrative rights, making them vulnerable to targeted attacks.
How to protect your executives
Introduce strong, multi-step authentication
Stolen credentials are the biggest threat and are used in four out of five security breaches, so it’s clear traditional user names and passwords on their own are not enough.
Introduce strong, multi-step methods, for example, two-factor authentication requiring two different things to prove identity – a combination of an authenticator (something you have - usually a token, smart card, mobile app), with something you know (your login ID and password). Future systems may also introduce a third biometric factor, such as a fingerprint, to validate access.
Encrypt confidential emails and files
Email is frequently used by executives to communicate with each other, board members and other highly confidential parts of the business such as legal and HR. By using certificate-based smart security encryption, executives can encrypt the emails or files containing sensitive data, so that only the intended recipient can access the information. Also, ensure their contacts files are regularly maintained so that information is less likely to be accidentally sent to the wrong person.
Establish and educate executives on your security policies
Of course, this will only work with buy-in from executives, so also seek an executive sponsor to help you ensure all executives know your corporate policy and are adequately trained in security issues and practices. By teaching executives good security practices, you will help change their behaviour and motivate them to lead by example.
As cybercrime levels increase, preventing data loss and protecting sensitive information from unauthorised access should be a top concern of every organisation, and is often a legal requirement.
While security is an enterprise-wide requirement, executives are a heightened security risk and yet require protection that does not compromise convenience or mobility. Privileged users and executives therefore need personalised attention now more than ever before.
Stephane Vinsot is Product & Solutions Director, Identity & Access for Gemalto