Layer 5: Data Security

21 Nov 2023

Data is your organization’s most valuable currency, and with the quantity and diversity of data threats we all face, business leaders must prioritize data protection and mandate governance to support those efforts.

Threats come from a variety of external and internal sources, including cyber attacks, ransomware attacks, insider threats, technology failure, natural disasters, phishing, and human error. A resilient organization requires protective strategies that serve to prevent data breaches as well as strategies to mitigate damage in the event an attack occurs.

Encryption

As mentioned in previous sections of this document, data encryption should be applied to documents, files, messages, or any other form of communication over a network. Ricoh ensures all its devices, software, and storage solutions deliver end-to-end encryption.

While data security should be a top priority for all staff, you cannot rely on them to know when or how data should be encrypted. When developing your organization’s encryption policy, you’ll first want to get an accurate picture of where all your data resides, how much of it is confidential or valuable (a potential target for malicious actors), and the risks it presents to your organization. Cleaning up unstructured data and conducting a data protection impact assessment will enable you to develop a comprehensive data security strategy.

Cloud hosting

Bringing your distributed data and infrastructure into one cloud environment allows for holistic, end-to-end monitoring and management, closing security gaps and enabling more rigorous, centralized management. Public, private, and hybrid cloud models allow for varying levels of security suited to the needs of your organization.

Microsoft 365 and Azure are the industry’s top public cloud platforms because of Microsoft’s many layers of security features, add-ons, and integrations, ranging from unified data governance to secured file sharing to user authentication and identity management.

Ransomware security

There are two critical layers to ransomware security: prevention and mitigation. Preventative solutions detect ransomware signatures and behaviors, stopping them from getting past the perimeter, whereas ransomware containment stops outbreaks of malicious encryption if ransomware breaks through those safeguards. Containment software focuses on the outcome of ransomware: rapid, illegitimate encryption. It stops encryption at the source or root file, isolating and containing it to prevent further spread.

Ransomware containment is a critical last line of defense in an organization’s security infrastructure, filling the perilous gap between devices and file shares where organizations often lack the essential defenses.

Secured data backups and recovery

An essential element of data security is planning for the unexpected; whether it is a cyber attack or a system malfunction, to maintain operations you need to know your data can be reliably and quickly restored.

The most secured and failsafe backup solutions involve a combination of advanced cloud technologies and expert management, which is why many organizations outsource to a trusted services provider. From implementation to configuration, regular testing, and recovery, you can rest assured your data is protected and accessible in any scenario.

Compliance assessments

Organizations subject to PCI DSS, PII, HIPAA, FINRA, FERPA, GDPR, CCPA, or FFIEC mandates — or needing to meet compliance requirements that adhere to the HITRUST framework or meet other corporate security policies — should consider compliance-centric professional IT services.

These focused services assist customers in achieving compliance with a variety of federal, state, and industry regulations including Federal Rules of Civil Procedure (FRCP), Open Meeting Laws, Freedom of Information Act “Sunshine Laws”, SEC 17A-4 and NASD 3010, SEC Investment Advisers Act of 1940, Sarbanes-Oxley Act of 2002 (SOX), HIPAA (Health Insurance Portability & Accountability Act), and GLBA (Gramm-Leach-Bliley Act).

Compliance-centric measures include:

  • Automated data capture, tagging, and archiving of all emails and attachments
  • Original email format preservation
  • Rapid random sampling of requested data for regulatory bodies
  • Automated user offboarding
  • Mobile device management
  • Enforced separation of duties
  • Isolating systems for sensitive information
  • Access rights and auditing linked to user identities

Source: RICOH USA