Network security refers to any action, device, or system designed to protect the reliability and safety of a network and the data stored on it. Data security refers to protecting the security of the networks and the data being stored on them.

In this section, we describe the methods, technologies, and best practices that companies can use to reduce the risk of data breaches and improve the protection of sensitive data. We highlight some of the most commonly-used methods and technologies, along with considerations for their design.

The following table outlines some of the more common methods and technologies used to secure data.

Best practices for minimizing data breaches

All companies should implement a data breach policy and implement policies and procedures to minimize the risk of data breaches in all areas of the business. One way to reduce risk is to encrypt the data as much as possible. To improve the security of an organization’s sensitive data, organizations should:

Use company-provided, endpoint security controls.

Secure data at rest by securing network connections such as those that transport network traffic and that provide the basic infrastructure for receiving, storing, and transmitting data. For example, network connections used for email (such as mail or POP3), on-premises file servers, or on-premises virtual private networks.

By default, these are data-local security controls, meaning that they must be secured within an organization’s network. For more information, visit https://www.fortinet.com/products/fortisoar

Protect data at rest through encryption.

Protect data at rest by securing network connections such as those that transport network traffic and that provide the basic infrastructure for receiving, storing, and transmitting data. For example, network connections used for email (such as mail or POP3), on-premises file servers, or on-premises virtual private networks. Provide complete and effective protection of the endpoint (portals and connection points).

Enable endpoints to be managed remotely, including those that are considered private. These should be used only for secure communications (such as VPNs) and information access (such as for storing information).

The following is a list of some of the most common and effective security controls used for the security of networks and data in general.

Using endpoint security controls

Endpoint security controls allow an organisation to secure data across the entire organisation. Data-local security controls are those implemented using company-provided, endpoint security controls, rather than using infrastructure-specific controls or protocols. This ensures that an organisation can provide a greater level of protection to its data and resources and helps ensure that only the appropriate services and applications are running on endpoints.

The following figure shows an example of a company implementing a network security policy to ensure that its data is encrypted across its entire infrastructure.