Cybersecurity month: Who has control over the company's data?

Editorial staff Cegal want to build a stellar nextgen tech company that enables a more sustainable future, and shape the digital future by turning complex IT into digital success stories.

10/07/2024 |

October is here, and with it comes Cybersecurity Month, also known as European Cyber Security Month. An entire month dedicated to security provides an excellent opportunity to reflect on how you protect your company’s most valuable asset: your data. One of the most fundamental questions every business should ask itself is: Who has access to our data?

Who has access to your company’s data?

In today’s digital world, access to data is broader than ever. It’s no longer just the IT department with access, but also third-party vendors, cloud services, and even individual employees working from their home computers. This can quickly turn security into a patchwork where oversight gets lost. Does your company have a clear and up-to-date list of who has access to what? For many, the answer is no.

A systematic approach to solving this issue is to implement an effective Access Management strategy. By applying principles like “least privilege,” where each user only has access to the resources absolutely necessary for their work, you can reduce the risk of unauthorized access and potential data breaches.

World Password Day and the future of authentication

World Password Day is observed globally to remind us to use strong and unique passwords. But we must ask ourselves: Are passwords a secure solution?

Passwords have long been the most common form of authentication, but they are also one of the biggest security risks. Data breaches and brute force attacks have shown that passwords are not secure enough, even with multi-factor authentication. That’s why major players, like Oracle, have decided to move away from passwords and instead shift to biometric authentication.

This was announced at Open CloudWorld in Las Vegas in September, and you can read more about it here. With fingerprints, facial recognition, or iris scanning, the risk of unauthorized access to sensitive information is significantly reduced.

Biometric solutions not only offer higher security but also a better user experience. No more forgotten passwords or unprotected notes on the desk. The question is no longer if we should stop using passwords – but when.

The Importance of regular backups and testing

In security discussions, it’s easy to focus on preventing breaches, but another critical part of a company’s security strategy is ensuring that data can be restored if the worst should happen. This is where backups play a crucial role. But how often is your backup tested? A backup isn’t enough— you also need to know that it works. Unfortunately, many companies only discover during an incident that their backup is unreliable or outdated, which can result in extreme costs for your business.

That’s why it’s essential to implement routines for regular backup testing. By simulating restores, you can ensure that your data isn’t just saved but can also be quickly restored when needed.

At Cegal, we have customers who appreciate our service, Database Restore Test as a Service, which automatically tests company backups within a specified interval. If a backup is corrupted, you’ll be informed, and we can quickly start working on a solution to the problem.

The NIS2 directive and the future of cybersecurity

In data security, it is also important to mention NIS2, the European directive coming into effect to strengthen the protection of network and information systems. This directive introduces stricter requirements for companies to protect their systems against cyber threats, especially in sectors critical to the functioning of society, such as energy, transport, and financial services. For financial services, specific rules are set by DORA.

Preventing and managing operational disruptions will be central to meeting NIS2 requirements, achieved through risk management measures.

With increased controls and security measures, companies are forced to take a more proactive and structured approach to their security efforts.

What does your data security look like today?

Cybersecurity Month is the perfect time to step back and assess your data security. Do you have control over who has access to your data? Have you started exploring solutions beyond passwords? And are you prepared for the requirements NIS2 will bring? Even if your company is not directly affected by NIS2, you may have customers who are. Therefore, it is crucial to ensure that your company has thoroughly prepared and is ready to comply with the relevant requirements.

By focusing on secure backups, better authentication, and stricter access management, you're not only protecting your business today but also preparing for future data security demands.

Looking for guidance on how to strengthen your company's data protection? Support is available — from governance to technical solutions — for comprehensive data security. From a technological perspective, we’re a one-stop shop for all database engines and can ensure that your data is in safe hands. It’s not just about the technology — compliance with legal requirements is equally important. With clear processes in place, it becomes easier to maintain the right level of security and handle potential incidents.