- Home
- Alerts & Advisories
- Advisories
- How Individuals and Organisations Can Ensure Data Resilience
Advisory
How Individuals and Organisations Can Ensure Data Resilience
5 August 2024
Data resilience has become increasingly important in a digitalised world. It ensures that your data retains confidentiality, maintains its integrity (i.e. no unauthorised modifications) and is available when you require access.
It is important for individuals and organisations to take proactive measures to safeguard their data from potential cyber threats.
Individuals and organisations are advised to take the following steps:
1) Conduct Regular and Comprehensive Backups
Most individuals and organisations have data stored in their personal or work devices including laptops, servers, and mobile devices. It is essential to perform regular backups.
Backups can be stored in several types of media, including (but not limited to):
• Removable Storage Media
• Internal Hard Disks Drives
• Cloud Storage
• Print media
Relying on a single media backup may not provide sufficient data resilience. Hence, individuals and organisations are encouraged to consider using at least two separate backup options for important data on different media to ensure data resilience. Additionally, to maintain data integrity, individuals and organisations are encouraged to conduct regular backup tests to confirm there are no errors, thereby verifying that the recovery procedures are reliable and effective in guarding against potential data loss.
2) Utilise Data Encryption
Data encryption is crucial to ensure the confidentiality and security of sensitive information. All important data, whether in storage and in transit, should be encrypted using strong encryption algorithms to ensure they cannot be read even if exfiltrated (via device compromise) or captured (via Man-in-the-Middle attacks). Individuals can consider using reputable encryption tools and/or built-in encryption features to protect their data from unauthorised access. Organisations should employ industry-standard encryption (e.g. AES-256) to ensure data confidentiality and protect sensitive information.
3) Regularly Update Software and Systems
Ensure that all software and systems are equipped with the latest security patches to address new vulnerabilities, thereby minimising the risk of possible data corruption or data theft. Individuals and organisations should consider enabling automated security patching features to ensure timely and consistent patching.
4) Stay Informed on Emerging Cyber Threats
As cyber threats evolve, it is important for both individuals and organisations to stay informed of the latest cyber threats and best practices for cybersecurity.
Additionally, organisations should:
1) Implement Network Segmentation
This is to isolate different segments of the organisation's network to limit any potential compromise to single network segments and minimise the risk of wholesale data breaches. Network segmentation will also generate network traffic logs that can be regularly monitored for malicious online activity. Highly confidential information should reside in network segments with no direct Internet access.
2) Enforce Strict Access Controls
This should be implemented together with robust authentication measures to reduce the risk of unauthorised access to sensitive data. By adhering to the principle of least privileges that grants only minimal necessary access rights to each employee, the risk of insider threats and unauthorised access can be significantly reduced. Organisations are also encouraged to review their access control lists regularly and remove any inactive accounts.
3) Establish Disaster Recovery Plans
A recovery plan should be developed to provide the organisation with a structured approach to respond to disruptions and restore business operations efficiently. Organisations should take into consideration the following in their disaster recovery plans:
• How critical data is classified and segmented
• How data should be backed up
• How data can be restored
• Frequency of data backups
Organisations are also encouraged to review the response plan regularly to ensure that they remain up-to-date and effective.
4) Conduct Cybersecurity Training
Organisations can consider educating employees on common cyber threats and cybersecurity best practices. The training can encompass raising awareness of the importance of data security, the latest phishing techniques, and best practices for securing data. By equipping employees with cybersecurity knowledge and skills, this can reduce the likelihood of employees falling victim to cyber incidents, thereby minimising the potential for data loss.
By adopting robust preventive measures and staying vigilant against evolving cyber threats, individuals and organisations can be better prepared to enhance their data resilience.
More information is available here: