Top 5 Tips on Protecting Critical Data in the Cloud
As the technology stack grows ever more complex we also face ever growing and increasingly sophisticated forms of security threats.
For many years, I have been working closely with firms of all sizes around the globe helping them mature and improve their security posture. One of the most common mistakes I’ve seen is how organizations feel they can minimize the damage from cybersecurity attacks by relying too heavily on perimeter security technologies.
While such perimeter security is essential, its usefulness is limited if an outside attacker finds a way around it or an attack comes from an insider. One of the key things law firms can do to limit damage from attacks that find a way past their perimeter security is to deploy strong information governance technologies with need-to-know access via the Cloud.
Here are 6 recommendations I commonly share to improve information security in firms of all sizes:
- 1 – Be Aware: Create a culture of employee awareness, focus on the main risks your firm faces
- 2 – Protect the End Point: Remove local administrative privileges on the administrator’s primary device as it’s a prime target
- 3 – Limit Access & Segment: Harden and lock down production systems and networks, only provide absolutely necessary access
- 4 – Backup, Backup, Backup: Snapshots, filestores, databases and index as well as offsite replication – test all backups on a regular basis
- 5 – Log: Make sure all production systems are logging to a SIEM and incorporate security alerting to the operations flow.
- 6 – Test, Test, Test: In addition to doing regular infrastructure vulnerability scan, run dynamic application security and make sure integrations haven’t introduced new vulnerabilities
With strong information governance technologies from iManage in place via the iManage Cloud, law firms can detect and prevent attacks after they get past their perimeter security.