Data Violations – Record Year For Data Breaches

Record Year For Data Breaches

The news is full of data security breaches. This week, Sputnik International reported that Hacking Team had a 400 GB database stolen and published, and last month Ars Technica discussed in detail the information breach at the U.S. Government’s office of Personnel Management. MSPmentor‘s current IT security news includes the hacking of databases at Harvard, a data breach discovered at Orlando Health, and 85,000 compromised debit and credit cards during the FireKeepers Casino data breach. Non-profit identity theft organization ITRC reported 400 data breaches this year as of June 30 and believes 2015 could top the charts for data violations.

report-breaches

See The Full Report

As if you didn’t have more important things to worry about – so here’s a quick look at how to stay ahead.

The Risks

  • Access control and authentication: are you certain only the necessary people have access to relevant data at all times?
  • Terms and conditions: are the standards of your Service Providers equal to those your organization maintains? And how secure are your own standards?
  • Virtualization technology: what are the security guarantees? How accessible are the services offered?
  • Data privacy: strict security measures need to be in place ensuring responsible data management, and industry and regulation compliance.

Security Strategies

  • Transparency: choose service providers that adhere to industry standards, provide clear service and product details, and have open lines of communication.
  • Drills: be sure to test for possible security holes, and plan for breaches. Just as you would prepare for physical risks such as fires, put emergency tests and procedures in place to counter data threats.
  • Backup: always have a backup. Do it now.
  • Diversify: minimize your risk by spreading data over localized and cloud servers; scatter service provider usage where possible.
  • Education: train yourself and your employees on security threats and defenses. Try to be proactive and keep up with the constantly-evolving environment.
  • Data tracking: understanding data-centric security tools helps maintain sensitive data and ensures you’re the first to know should something go wrong.
  • Policies in place: governance policies are essential and should be clearly established to safeguard data privacy. Data sensitivity classification helps apply the correct security techniques to relevant data sets.
  • Encryption: never store encryption keys in the software or with your data, and be certain that strong encryption techniques are being used. Always remember that data being used is also vulnerable, so take steps to ensure secure handling.

By Jennifer Klostermann

JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
Episode 16: Bigger is not always better: the benefits of working with smaller cloud providers
The benefits of working with smaller cloud providers A conversation with Ryan Pollock, VP Product Marketing and Developer Relationships for Vultr.com - Everyone knows who the big players are in the cloud business. But sometimes, ...
Kelly Dyer
Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...
Threat Security
Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
Yuliya Melnik
Heroku or AWS Cloud infrastructures are gradually starting to penetrate into an increasing number of areas and various businesses. And this is not surprising because such a ploy allows you to improve internal processes, protect ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.