Moving Online – Part of Your Data Breach Strategy

Data Breach Strategy

The latest Verizon Data Breach Investigations Report is out, and the verdict is in: data breaches are on the rise. While the news shouldn’t surprise anyone, there are some actionable insights to help improve cybersecurity organizational approaches and reduce regulatory risks.

The numbers don’t lie

Since its first release in 2003, this report has identified human error and carelessness as two of the biggest data breach enablers found in organizations worldwide. While these actions are both avoidable, they’ve consistently been the top culprits contributing to data breaches.

Despite the rise in awareness around bad user habits and the availability of a proliferation of security solutions on the market, the figures in the 2017 report reveal that user behavior is still the biggest threat:

  • 81% of hacking-related breaches leveraged either stolen or weak passwords
  • 39% of breaches occurred in Financial Services and Healthcare – two of the most heavily regulated industries
  • 51% involved criminal gangs
  • 25% of breaches involved internal actors
  • 21% were related to espionage

The report provides a very sobering view on the top risks associated with breaches that doesn’t seem to be getting any better. So, what’s the best way to reduce your chance of being breached? Let’s take a look.

The password double-edged sword

Stolen or weak passwords are a hackers delight. Once they guess or obtain your password, all of your information is theirs for the taking. This is why users are encouraged to keep changing their passwords or use complex passwords that are hard to guess. Using simple Multi-Factor Authentication (MFA) technologies not only increases security, but also provides a second layer of proof. By identifying the user by password AND something else, such as access to a specific physical device, it’s harder for hackers to crack your info.

If you work in Financial Services or Healthcare, you should immediately up your password game. Both industries are attractive to hackers due to the amount of sensitive information they can gather by cracking your code. For example, medical records are extremely valuable and can lead to fake ID creation and/or identity theft – both of which are big money makers on the black market.

Where’s the leak?

Data leak

The internal actors that commit 25% of data breaches are just bad business. These breaches – which are commonly committed by employees, partners, contractors – demonstrate that the organization breached does not have their content under control and out of harm’s way. If an employee requires access to specific data or files to do his/her job, that individual should have access to only that – not everything.

For example, contractors should only have access to the information they need to complete their job. Once that job is done, access should be removed quickly. When access to sensitive information is required, using tools such as Information Rights Management (IRM) ensures that only specific actions can be taken with that content (e.g., read-only, no printing), and watermarking clearly identifies the origins of a document right on the page, allowing use but not theft.

When bad actors achieve unauthorized access, all sensitive business information or Personally Identifiable Information (PII) should be unattainable. Encryption prevents classified information from ending up in the wrong hands, and functionalities like IRM or Customer Managed Encryption Keys (CMK) ensure access to content can be switched off, helping prevent espionage.

Data breach concerns are universal

Organizations in all industries face data breach issues. By ignoring them, you run the risk of not only losing business information, but also the potential loss of PII. The consequences can be more than just the prospect of non-compliance with regulatory issues, such as the impending GDPR, but reputational risk is also a possible outcome— resulting in lowered market value and loss of customers.

How can data breaches be prevented?

The first step to preventing data breaches is to take on the “not if, but when” mindset – be paranoid. By following simple steps outlined above, such as incorporating MFA into password-protected systems and using secure cloud collaboration technologies, you can reduce the likelihood of being breached and protect both your organization and sensitive information. However, you have to constantly monitor your security posture and that of your cloud vendors. Many cloud vendors have a security posture that is more secure than your own, use all the resources available to you Choose your cloud vendors carefully and you’ll be able to rely on them to keep your information private and secure.

By Daren Glenister

Ray Meiring
Fueled by extensive demand in IT, healthcare, financial services, and telecommunication—initially spurred by the pandemic-driven frenzy to transition to remote working—managed service providers (MSPs) are busier than ever. As businesses adopt MSP services to upgrade, ...
Gary Bernstein
AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Steve Prentice
The Need for Experts The explosion in AI technologies has brought with it clear concern that easy answers and intelligent copywriting are now the domain of machines. This has led to the question of whether ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...

Get Smarter

Whether you're just starting out in the online industry or looking to take your skills to the next level, Get Smarter eLearning platform is the perfect choice for you. Sign up today and start your journey towards online success!

Use code LEARN15 to enjoy 15% off all courses.