[BreachExchange] Best Practices to Avoid Data Breaches

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 19 19:39:49 EDT 2016


http://blog.backup-technology.com/15075/best-practices-avoid-data-breaches/

Most businesses do not have a pre-defined strategy to follow when sensitive
information is stolen from their systems. The complexities caused by data
breaches are underestimated. Companies follow a fortress approach and use
encryption, firewalls and proxies to keep intruders away from sensitive
data. However, once a data breach has taken place, what counts is the work
done prior to the breach; it is very difficult to do much after the breach.

Preparation

Companies need to plan ahead and be ready to answer the important question
“What do we do after a data breach?” well ahead of time. Companies need to
avoid data breaches, but if they find themselves in the unfortunate
situation of a data breach, they should not underestimate its effects.

Remember that cyber attacks are not what they were a decade ago; they have
evolved, but information governance programs have not changed much.

Triage and Mirage

Making arrangements against data breaches is an essential part of an
information governance policy. For an effective information governance
policy, companies must have an all-inclusive understanding of their
sensitive data, so that they can be proactive throughout a data breach.
Knowing where sensitive data resides will prove very challenging, as
companies hold a lot of data across their network systems, but data breach
readiness does not need an all-or-nothing approach.

There is no need to create a data map, as companies are bound to work at
the content level to recognise things such as payment card information,
personal health information and personally identifiable information. When
mission-critical information is used or updated, make certain that the data
is placed in specific repositories with backup options as well as security
provisions. Data masking, dual-factor authentication and strong passwords
are significant security layers that can be used. Moreover, masking can
scramble data in order to make social security numbers or credit card
numbers invalid, acting as a deterrent and as a trap against cyber
attackers.
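The two ideas above, recognising sensitive data at the content level rather than from a data map and masking it so that a stolen copy is worthless, can be shown in a few lines. The following is an added example, not code from the original post or from the blog it links to: it flags payment card numbers (Luhn-validated, so invoice numbers and dates are not false positives) and US social security numbers in free text, and masks everything but the last four digits. The sample records are constructed for the demonstration and contain no real data.

```python
import re

# Constructed sample records (not real data): a valid test card number, an
# SSN-shaped value, and a 13-digit invoice number that must be left alone.
SAMPLE_RECORDS = [
    "Refund approved for card 4111 1111 1111 1111, ticket 20160719",
    "Employee SSN 123-45-6789 added to payroll file",
    "Invoice total 1234567890123 is not a card number",
]

# 13 to 19 digits, optionally separated by spaces or hyphens, on word boundaries.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout AAA-GG-SSSS.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation; filters out most non-card digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _is_card(match_text: str) -> bool:
    digits = re.sub(r"[ -]", "", match_text)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def classify(text: str):
    """Return a list of (category, value) findings for one record.
    Categories: 'PCI' for card numbers, 'PII' for SSNs."""
    findings = []
    for m in CARD_RE.finditer(text):
        if _is_card(m.group()):
            findings.append(("PCI", m.group()))
    for m in SSN_RE.finditer(text):
        findings.append(("PII", m.group()))
    return findings


def mask(text: str) -> str:
    """Replace all but the last four digits of each finding with asterisks,
    so the stored copy no longer contains a usable card number or SSN."""
    def mask_card(m):
        if not _is_card(m.group()):
            return m.group()            # not a card: leave untouched
        digits = re.sub(r"[ -]", "", m.group())
        return "*" * (len(digits) - 4) + digits[-4:]

    text = CARD_RE.sub(mask_card, text)
    text = SSN_RE.sub(lambda m: "***-**-" + m.group()[-4:], text)
    return text


def scan_records(records):
    """Classify and mask a batch; returns [(findings, masked_text), ...]."""
    return [(classify(r), mask(r)) for r in records]


if __name__ == "__main__":
    for findings, masked in scan_records(SAMPLE_RECORDS):
        print(findings, "->", masked)
```

The Luhn check is what keeps the scanner usable on real repositories: without it, any 13-digit number (invoice totals, timestamps glued together) would be flagged and masked. Keeping the last four digits follows the usual PCI practice of leaving enough to reconcile a transaction while making the number useless to an attacker.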

Careful Data Sharing

Controlling user access privileges to data repositories is as important as
data breach preparedness. File sharing improves collaboration and
efficiency, but it exposes the data to potential breaches and makes it
accessible to everyone, including unauthorised people. File shares are
among the least secure locations in the network, as permissions are often
not strictly enforced. At times, file shares are made available to everyone
by default, allowing everyone in the company to access those files.

Permission forms, compensation statements, account numbers, customer
records and HR records could easily be exposed to the wrong person if
shares are not properly set up. Therefore, caution should be exercised when
file sharing is set up, including the ability to automatically purge files
after a period of time.
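The two share-hygiene checks the post asks for, permissions that are open to everyone and files kept past their retention period, are easy to audit in a dry run before anyone purges anything. This is an added example, not code from the original post or the linked blog; it walks a directory tree as a stand-in for a file share, reports files whose POSIX mode grants read or write to "others", and lists files older than an assumed 90-day retention period. The sample share it builds is constructed for the demonstration, and nothing is deleted.

```python
import os
import stat
import tempfile
import time

RETENTION_DAYS = 90          # assumed retention period; adjust to policy
DAY = 86400


def audit_share(root, now=None, retention_days=RETENTION_DAYS):
    """Dry-run audit of a share rooted at `root`.
    Returns (world_accessible, stale): sorted lists of paths relative to root.
    world_accessible: mode grants read or write to 'others' (everyone).
    stale: last modified before the retention cutoff (purge candidates)."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * DAY
    world_accessible, stale = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                world_accessible.append(rel)
            if st.st_mtime < cutoff:
                stale.append(rel)
    return sorted(world_accessible), sorted(stale)


def build_sample_share(base, now):
    """Constructed sample share: one world-writable HR file, one world-readable
    handbook, one stale export, one correctly restricted finance file."""
    layout = {
        "hr/compensation.xlsx":  (0o666, now),            # open to everyone
        "public/handbook.pdf":   (0o644, now),            # readable by everyone
        "archive/old_export.csv": (0o600, now - 200 * DAY),  # past retention
        "finance/accounts.csv":  (0o640, now),            # restricted, fresh
    }
    for rel, (mode, mtime) in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))


def demo():
    """Build the sample share in a temporary directory and audit it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp, now)
        return audit_share(tmp, now=now)


if __name__ == "__main__":
    world, stale = demo()
    print("open to everyone:", world)
    print("past retention (purge candidates):", stale)
```

On a Windows file server the equivalent check reads the share and NTFS ACLs for an Everyone or Authenticated Users entry rather than POSIX mode bits, but the shape of the audit is the same: enumerate, flag, review, and only then purge.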

Manual or Automated Approach

Though breach preparedness appears to be a straightforward procedure,
businesses need to understand both the automated scanning approach and the
human approach. If AI and scanning technology are used on computers that
are not connected within the network, they can allow companies to find,
move or lock down sensitive files. Obviously, you cannot trust all
employees, and as a result the likelihood of an insider threat is much
higher than that of an outsider threat.

Despite this, employees play a central role in breach preparedness, and
they should therefore be given regular training to cope with various
situations. Companies need to arrange training courses for new employees
and refresher courses for experienced staff.

In the long run, awareness and education help people understand how and
when shadow IT (cloud storage and restricted access to data) can be used.
While working on an information breach preparedness plan, organisations
should adopt a careful attitude so that employees cannot use shadow IT and
other risky applications inappropriately.

During and after a data breach, experienced and qualified employees are
expected to perform their jobs immediately. If email is not accessible
because of the breach, users often turn (though this is not recommended) to
Gmail, Google Drive or other public email and storage services to continue
business activities. Company management is responsible for informing
employees not to use any third-party system while the company’s servers are
down because of the breach.