When it comes to data security, EyeMed believes in, and also practices, something called the Principle of Least Privilege.
Sounds like a Lord of the Rings sequel, I know. But what’s at stake – what the Principle of Least Privilege protects – is infinitely more important and valuable than some fictitious ring; it’s your employees’ personal data. And the basic premise of the principle is this: in an IT system, everyone has the access and ability to do everything they need and nothing more. Not one … thing … more. Data is organized in a way to ensure that only those that require access to certain aspects of sensitive data have such access.
That’s the simple version. There are plenty of tech terms and abbreviations between the simple concept and the complicated reality of data security.
So how does someone like you navigate that divide? For starters, you learn how to ask the right questions. Questions like …
There’s a difference between data moving between networks and data at rest. It’s important to protect data not just when it’s being transmitted, but when it’s being stored in databases, laptops, mobile devices, etc.
DLP tools are used to maintain a controlled state and not inadvertently transmit data outside the company in an inappropriate manner. They ensure that data follows a specific process before going to an external party. Think email blocking and disallowing use of removable media, preventing data from being placed in social media, Internet-based storage devices like Dropbox or shared elsewhere.
The Principle of Least Privilege sounds like a Lord of the Rings sequel. But what the Principle of Least Privilege protects – is infinitely more important and valuable than some fictitious ring; it’s your employees’ personal data.
This is when a system goes a step beyond passwords. You know how sometimes you have to authenticate through a confirmation text, get an email link or receive a smart phone ping in order to get access to something? That’s two-factor authentication.
In the event that the primary data center is disrupted, does their system have a high availability data scheme to bring systems back online? Is it a fully redundant backup or data replication? Is it in a separate data center and is it based in the U.S. or abroad?
Secure systems feature analysis tools that detect patterns. They investigate anomalies or variations from normal usage and send alarm notifications when something suspicious is happening. They also routinely audit their user access controls to make sure the wrong people aren’t touching data they shouldn’t.
Remember, people should have access to what they need and nothing more. Because when it comes to your people’s data, nothing is more important than security.