
How to Pass the Data Security Test

Cybersecurity is a constantly evolving need, as cyber attackers become more sophisticated every year. Here are a few helpful tips to keep your company secure.


The data security test is the basic test that everyone should undergo to make sure that they’re ready to go online. Businesses have an obligation to their clients and suppliers to keep their data safe. Failing to do this can lead to huge consequences further down the line, including a loss of confidence and legal action.

So, what do you need to do to pass the data security test?

Run a Regular Vulnerability Scan

You should get into the habit of running a monthly vulnerability scan. It’s important to make sure that you’re doing this regularly so medium to high vulnerabilities are spotted early. A data security test will easily penetrate these vulnerabilities, and that means an attacker could too.

Too many companies perform a major vulnerability test only once a year. That’s far too long between tests because cyber attackers evolve much more quickly.

Keep Software Patched

Any software you use should be patched regularly. Adobe and Flash are two brands that are well-known for requiring regular security patching to keep them safe. Even the best anti-virus and anti-spyware software in the world won’t protect you if your third-party software is outdated and vulnerable.

A lot of companies will just patch their operating systems, but they don’t realize they’re leaving a glaring hole.

Reduce the Amount of User Access

Malware succeeds when it hits a user who can access the entire system. Mitigate the chances of this happening by limiting users. Only allow them to access the areas they really need to carry out their duties. This is essentially about reducing the target area available to attackers. If everyone in your company can access everything, it makes things much easier for attackers.

Check the Hardening Guide for Your Operating System

Any commercial operating system will have a set of guidelines for how you can harden that operating system and how to apply those guidelines. Check the hardening guide for the operating systems you have in use. Include your other technologies and perform these checks a few times a year.

Change the Default Passwords for Every Type of Device

It’s tempting to stick with the default password for your Internet router, but these are well-known vulnerabilities. Attackers will always use the default password before trying anything else.

Imagine what would happen if the Japanese company Honda maintained default passwords on their network. An attacker could steal the plans for a device like the Honda HR-V Configurator and blackmail the company, or even pass its secrets to another company.

The consequences would be catastrophic. It would lead to the company’s share price dropping, it could compromise their market position, and it would almost certainly lead to the company losing millions. Smaller companies have been brought to the ground by such attacks.

Take Advantage of the Local Administrator Password Solution from Microsoft

Every device should have a unique password. Microsoft Local Administrator Password Solution (LAPS) is the solution for this. Using this will ensure that every device has an independent unique local administrator password. This should be used together with a comprehensive password policy.

A written password policy with clear guidelines on the changing and sharing of passwords will do a lot to instill the importance of data security in employees. This should be reviewed regularly and come with real penalties for compromising that policy, just to show how seriously you’re taking it.
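One way to check that LAPS actually covers every machine, as an added example that is not part of the original article: the script below reports enabled computers in an OU whose LAPS-managed password is missing or past its expiry. It assumes the ActiveDirectory RSAT module, the legacy LAPS schema attribute `ms-Mcs-AdmPwdExpirationTime`, and a hypothetical OU path; it reads only the expiry timestamp, never the password itself.

```powershell
# Added example: audit Microsoft LAPS coverage in Active Directory.
# Requires the ActiveDirectory module (RSAT) and read access to computer objects.
Import-Module ActiveDirectory

# Hypothetical search base (assumption); replace with your own OU.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

# Legacy LAPS stores the expiry here; the newer Windows LAPS uses
# msLAPS-PasswordExpirationTime instead.
$ExpiryAttr = 'ms-Mcs-AdmPwdExpirationTime'

$nowUtc = (Get-Date).ToUniversalTime()

$report = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $ExpiryAttr |
    ForEach-Object {
        $raw = $_.$ExpiryAttr
        if (-not $raw) {
            # No timestamp: LAPS has never set a password on this machine.
            $status  = 'NotManaged'
            $expires = $null
        }
        else {
            # The attribute is a Windows FILETIME stored as a 64-bit integer.
            $expires = [DateTime]::FromFileTimeUtc([Int64]$raw)
            $status  = if ($expires -lt $nowUtc) { 'Expired' } else { 'OK' }
        }
        [PSCustomObject]@{
            Computer   = $_.Name
            Status     = $status
            ExpiresUtc = $expires
        }
    }

# Summary counts, then the machines that need attention.
$report | Group-Object Status | Select-Object Name, Count
$report | Where-Object Status -ne 'OK' | Sort-Object Status, Computer
```

Machines reported as `NotManaged` are the ones most likely to still share a local administrator password with others.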

Don’t Just Prepare for the Data Security Test

Companies tend to prepare for data security tests because they want to impress shareholders and the outside world. They want to brag about how secure they are. But if you only focus on cyber security around this time, you’re not really securing your company. You’re giving a false image of security.

This needs to be an ongoing process throughout the year. Cyber attackers are constantly evolving and coming up with new ways to attack your business. This is a constant arms race and letting up for one second means you’re taking a big chance.

Make data security testing a constant as part of a raft of security measures for your business.

Conclusion – It Doesn’t Need to Cost

Securing your company sounds costly and complicated, but that's far from the truth. Even the smallest company can provide a formidable defense against cyber attackers.

What are you going to do to make sure your company is secure?

