Prevent and Mitigate Security Breaches
Encrypt data on all computers and storage devices, including removable storage devices and drives.
Use the Microsoft Security Assessment Tool (MSAT) to help identify risks in your IT security environment and build a plan to successfully manage the risk.
The Windows Security Compliance Toolkit contains step-by-step guidance for deploying BitLocker Drive Encryption and the Encrypting File System (EFS) in enterprise environments.
Use the Data Encryption Toolkit for Mobile PCs to effectively implement BitLocker and EFS for mobile PCs.
Be aware of the details of breach notification laws in all regions in which you conduct business. Work closely with your general counsel to follow the proper procedure in the event of a security breach. National and local laws vary considerably.
Consider using object access auditing for items associated with the administrator accounts so that actions taken with those accounts can be monitored.
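One way to put object access auditing in place for a folder that administrator accounts work with, as an added example that is not from the original page: it enables the File System audit subcategory with the built-in auditpol tool, adds a SACL entry for the local Administrators group, and then reads back the resulting events. The folder path is a placeholder, and the script assumes it is run from an elevated PowerShell session.

```powershell
# Added example (not from the original page): audit access to a folder that
# administrator accounts use, so that reads/writes show up in the Security log
# (Event ID 4663). Assumes an elevated session; $Folder is a placeholder path.
$Folder = 'C:\AdminData'   # placeholder, not a path from the page

# 1. Enable the "File System" subcategory of Object Access auditing.
#    Without this policy step, SACL entries on files generate no events.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add a SACL entry that audits all access by members of Administrators,
#    inherited by subfolders and files, for both successes and failures.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'BUILTIN\Administrators',
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Verify the SACL took effect, then pull recent object-access events for
#    this folder so the monitoring side can be checked end to end.
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 50 |
    Where-Object { $_.Message -like "*$Folder*" } |
    Select-Object TimeCreated, Id, Message
```

Forwarding the 4663 events to a central log collector is what makes the "so that actions can be monitored" part hold up in practice; a SACL alone only writes to the local log.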
Enforce the use of strong passwords throughout your organization.
Enforce the principle of least privilege, wherein computer accounts are given only those permissions required to perform a job function.
Coordinate your IT security plan with your physical security plan to help control access to data centers or other high-risk areas.
Understand and prioritize critical assets with business unit managers to ensure proper coverage of the correct assets, including identification and classification of data.
Ensure that an incident response plan is in place and that exercises are conducted regularly so that the staff is able to react quickly and without confusion in a crisis.
Develop and implement plans to reduce the likelihood of common types of breaches, to mitigate their impact should they occur, and to respond if the mitigations are not fully effective.
Perform small-scale drills (like conference room role-playing scenarios) frequently, and use them to identify areas for future emphasis.
See "Responding to IT Security Incidents" for additional ideas.
Do not use Social Security numbers for authentication purposes or as identifiers for employee or customer data. (See "Protecting Personally Identifiable Information" for additional tips for protecting PII.)