BANGALORE, INDIA: Indian enterprises are not insulated from cyber attacks. The internet knows no boundaries, and business borders have disappeared. Technology has enabled the explosion of information beyond four walls, and the rapid entry of smart devices means the office can be anywhere

Here are some best practices for CIOs by end-point security firm Symantec

'Integrate security tools with advanced threat prevention solns' 

Assess the risk:
Organizations must know where sensitive information resides, who has access to it, and how it is entering or leaving your organization. In addition, organizations should continually assess their network and endpoints to identify possible vulnerabilities.

Minimize the risk:
Organizations must implement a multi-layer protection strategy to minimize the risk of exploited endpoints. In addition to traditional antivirus, firewall, and host intrusion protection technology, organizations should deploy the latest innovations in endpoint security, such as reputation-based security and real-time behavioral monitoring. Finally, organizations must patch applications and systems regularly.
Educate. Train employees on the risks and what they need to do for safe computing and then hold them accountable.

Be Prepared:
It’s important to prepare for the inevitable by creating a full incident response plan and practise implementing the plan. This will improve response time and ensure a more complete response.

Holistic approach to security

Essentially, enterprises need to develop a security strategy that is risk-based and policy-driven, information-centric and operationalized across a well-managed infrastructure. Specifically, we recommend that enterprises should:

Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, organizations can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.

Protect information proactively by taking an information-centric approach.  Taking a content-aware approach to protecting information is key in knowing who owns the information, where sensitive information resides, who has access, and how to protect it as it is coming in or leaving your organization.  Utilize encryption to secure sensitive information and prohibit access by unauthorized individuals.

Authenticate identities by leveraging solutions that allow businesses to ensure only authorized personnel have access to systems.  Authentication also enables organizations to protect public facing assets by ensuring the true identity of a device, system, or application is authentic.  This prevents individuals from accidentally disclosing credentials to an attack site and from attaching unauthorized devices to the infrastructure. 

Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.

Protect the infrastructure by securing endpoints, messaging and Web environments.  In addition, defending critical internal servers and implementing the ability to back up and recover data should be priorities.