Production 201: Data Security
In today’s digitally diversified data environment, coupled with our complex world, security can appear to be a large endeavor to build and integrate into an organization. Our world is filled with words like “cloud technology”, “Firewall” and “Ransomware” and organizations are now faced with ever changing business initiatives, technological advancements, and automation. Further, there is an ever-increasing pressure with clients and suppliers for highly efficient, and cost-effective results. So, what does Production Solutions do when “IT Security” looks massive?
Well, it’s like the saying: Don’t look at the building, look at the bricks. Production Solutions takes protecting our client data very seriously.
PS understands that having the required security measures in place (e.g. firewalls, antivirus protection, antispam systems) was not sufficient to meet the ever-growing and changing threats of cyber criminals. We had to create a security program that would elevate our security posture, be: systemic, all-encompassing, and integrated into the fabric of the organization. Therefore, PS spent 90 days creating a high-level strategy that would place our company on a never-ending journey designed to protect our client data now, and into the future.
So, what did PS do? Here are some of the highlights:
From a perimeter standpoint, PS only allows Secure FTP connects to our FTP site, PS increased email security to include Data Loss Prevention (DLP) scanning for Credit Card and Social Security information, we increased our secure email messaging requirements, we deployed web-security controls for company devices, and we employed encryption on all company devices.
Internally, PS decreased our PII data storage reducing it down to 90-days, updated and increased our IT Security policies from three to 14 total, tighten access to central IT systems, implemented Multifactor Authentication (MFA) for email as a requirement, increased password requirements and built a risk committee composed of technical, management and executive staff.
For the staff, PS increases security awareness through consistent education. We have regularly scheduled email security training, required yearly video training, and required IT policy review.
From a physical layer, PS has increased our security monitoring in our office space and LAN room and implemented new requirements for visitors and guests.
All these items facilitate the protection of client data from multiple levels now and can be expanded upon as PS grows and as our clients’ data traverses our network or is resident.
This year, PS is headed even further in our passion to create a more secure environment for our client data through our IT Security Program. Items on the horizon are: implement a SEIM (24x7x365 security log monitoring and alerting for internal systems and end-staff devices), deploy Mobile Device Management (MDM), implement Multi Factor Authentication for all connections to our environment, and much, much more.
Data security is a top priority for Production Solutions, and our clients should rest-assure we are making large investments into people, technology and structure to build a secure environment that is designed to be infinite.