We still have to make it as hard as possible to break in, with secure front facing systems, anti-virus, strong passwords, best practice and patching. But digital security is only as good as the weakest link.
By understanding your business infrastructure, your risk components, your data requirements and who has access to it you can make it very hard for a hacker who has managed to compromise that weakness to get anything out.
No matter the size, all Organisations need to do a risk management plan. They need to create a blueprint of what data is important, how it will be protected, who has access to it and who can move it around. This plan then allows management to base cohesive risk strategies around that data.
This risk management plan will also show, how that information will be protected. Will the more important data have more complex systems around it. Will the infrastructure have to evolve from a flat network to a more complex levelled network with internal firewalls and complex processes. Will the data be removed from single sign on capabilities to a more complex system of protection?
Balancing convenience and security will be the major problems in the protection of your data.
All of these questions need to be answered before your organisation becomes another Internet statistic.