Most of the work required to ensure data security is relatively simple, provided that we ask ourselves six key questions: who, what, where, when, how, and why.
"Who" represents the different shareholders; "what" represents the data to be protected; "where" represents the location where the data is stored; "when" represents the period in which the data is most sensitive, such as during an upgrade; "how" represents what needs to be done; and finally, "why" represents the relationship between the value of the data and the business. By answering these six questions, we are 95% of the way to ensuring data security and providing better transparency.
In the mobile era, BYOD is even regarded as the biggest IT security risk since the emergence of USB storage, but the innovation and advantages brought by enterprise mobility cannot be ignored. Enterprises can enjoy the benefits of mobility while ensuring data security. Of course, this requires enterprises to have reasonable control over data.
It is critical to start with the goal that is most easily achieved, because even the most basic data controls can avoid many security risks. However, this approach requires effective security awareness training for users. Enterprises can abandon the traditional "teaching" method and use real-world scenario simulation to educate users. Remember, the goal is not to teach your employees how to change, but to fundamentally change their approach to security.
Good security awareness training aims to give users a subconscious sense of why a given behavior is risky for data.
In addition, it is very important to make all shareholders understand that risk is not confined to the core business; information security is also one of the risks to be considered. Business department personnel may not understand the importance of information backup, but they can understand the principle of buying additional insurance for valuables. The enterprise security owner must constantly educate business personnel on the significance of data security and its hidden risks. In doing so, the security owner needs to describe these in language that business personnel can understand. This is very important.