Protecting your organization is expensive. Leaders are encouraged and sometimes even compelled to provide additional resources to counter threats. As the cost of data breaches rise, regulators and your customers and business partners demand you to protect data you control. In turn, you require your vendors to protect your data. Is substantial investment sustainable and the only response to growing information security risk?

While ongoing investment is necessary and prudent, focusing on foundational controls may help lower your risk with very little cost. This article will highlight ten cost-conscious security controls you may implement without breaking your budget. While the scope and depth will vary, implementing foundation controls may help protect all businesses. Let’s begin with one the most important security controls.

1. Enforce least privilege

In all cases, employees should have only the minimum access to perform their duties. This includes leaders, managers, and especially system administrators with privileged access. Decisions to permit access to sensitive information, data, systems, software, and applications should be based on a defined business need; not by title or perceived need. For example, a manager may only require permissions to read sensitive data. Managers should periodically review access and make adjustments

continue reading »