Imagine this: your employee is beginning his morning responding to emails, and sees one with your name in the "from" field. The email has your signature and asks for a funds transfer. He clicks on the link you sent, ready to explore further. But there's one issue: you didn't really send that email. Your employee's small error has just led to a big problem. Your important data could be lost in moments.
This scenario is all too realistic. The rise of big data means your credentials are currency, and that people who've purchased them can use them to spoof your signature to send that email to your employees, or place a phone call posing as you, or choose any number of other attack vectors to compromise your intellectual property.
There are a few adjustments you can make within your organization to better ensure database security, which includes protecting your intellectual property, and to protect the business operationally, reputationally and financially. Begin by establishing clear written policies.
Adjustments for protecting intellectual property
Set the Rules
What one thing could you do today to protect your data from malware, a cryptolocker installation, a power outage, or internal sabotage?
According to Gartner, establishing controls for privileged access is currently a major focus for organizations and auditors. By 2018, 25 percent of organizations will review privileged activity and reduce data leakage incidents by 33 percent, compared with fewer than 5 percent of organizations that were tracking and reviewing such activity in 2015.
Establishing a clear chain of command would readily guarantee your employees only gain access to the data they should have access to, and only when they need it. It can further help you identify not only who had permission and when, but also what they did while they accessed the data.
To begin, develop a written policy that explains all of the rules in clear language. That policy, and all others regarding data, will require a signature from each of your employees and from anyone else who may be involved in the chain.
Secondly, with regard to chain of command, institute a file system where requests for access go through a routing process. Rather than having your employees send an email to the person with current access each time they need to gain access, implement a solution that ensures there is no guesswork or lack of oversight. Similarly, ensure action logs are kept for audit trails, should anything go wrong.
Set password, authentication and BYOD policies. Consider multi-factor authentication to reduce the likelihood of successful credential theft. Encourage all stakeholders to adopt each as though these policies are critical to the health of your business, because they are.
Educate, Educate, Educate
A written policy doesn't mean much if your employees don't know exactly how to comply. Clear language can help, but so can education. In fact, lack of end-user education is one of the biggest threats to data security, says Alex Insley, Twinstate's Unified Defense Strategies technical manager. "Do they know to be aware or suspicious all the time?" Insley cites a quip from The Atlantic's November 2015 cover to make the point: "If you're not paranoid, you're crazy."
Whether a user is on a mobile device, a work computer or a device at home, the human element represents a visible chink in your data's armor. Insley notes the sophisticated, constantly advancing social engineering tactics that go into an attack as simple as the phishing email described at the beginning of this post.
"You have users who are not informed or aware, who will click on the link in the email and it's all over," he says. "User education isn't given its due."
But comprehensive threat education, conducted once or twice per year, can help keep your employees aware of data loss risks and attentive to possible threats. Furthermore, awareness training represents an individual benefit, because users can apply knowledge to their personal lives, teaching their families good habits and protecting their own information. Continuous education through distribution of trusted content is a recommended supplement to these larger training efforts.
Get Help From a Partner
What if you develop policies and establish education, but don't have the resources to manage and track all of the intricacies of your data security? This is where a trusted security partner comes into play. If you want to cover all your bases, you'll need (at least) the following:
- Regular patch management
- Endpoint security
- A next-generation, advanced firewall
- Synchronized security that correlates actions in your systems to best recognize malicious activity
- A backup process that is regular, automated, off-site and encrypted
- Security Information and Event Management (SIEM) solutions
For example, if your employees are using mobile devices for access to company data, and a device is compromised, certain security software on the server or firewall, like Sophos, could detect that. If you have an off-site, encrypted and regular backup process in place, in a worst-case scenario, you may be able to recover intellectual property lost to error. And if you have a SIEM platform in place, you'll have logging and log analysis mechanisms that can help you understand next steps.
The quest to protect your intellectual property is, in some ways, taxing. But data loss is even more so. To start protecting your assets now, begin with policies, be prepared to focus on awareness education and consider a partner for the backend.
Originally published on 03/08/2016