Moving Online – Part of Your Data Breach Strategy

Daren Glenister

Data Breach Strategy

The latest Verizon Data Breach Investigations Report is out, and the verdict is in: data breaches are on the rise. While the news shouldn’t surprise anyone, there are some actionable insights to help improve cybersecurity organizational approaches and reduce regulatory risks.

The numbers don’t lie

Since its first release in 2003, this report has identified human error and carelessness as two of the biggest data breach enablers found in organizations worldwide. While these actions are both avoidable, they’ve consistently been the top culprits contributing to data breaches.

Despite the rise in awareness around bad user habits and the availability of a proliferation of security solutions on the market, the figures in the 2017 report reveal that user behavior is still the biggest threat:

  • 81% of hacking-related breaches leveraged either stolen or weak passwords
  • 39% of breaches occurred in Financial Services and Healthcare – two of the most heavily regulated industries
  • 51% involved criminal gangs
  • 25% of breaches involved internal actors
  • 21% were related to espionage

The report provides a very sobering view on the top risks associated with breaches that doesn’t seem to be getting any better. So, what’s the best way to reduce your chance of being breached? Let’s take a look.

The password double-edged sword

Stolen or weak passwords are a hackers delight. Once they guess or obtain your password, all of your information is theirs for the taking. This is why users are encouraged to keep changing their passwords or use complex passwords that are hard to guess. Using simple Multi-Factor Authentication (MFA) technologies not only increases security, but also provides a second layer of proof. By identifying the user by password AND something else, such as access to a specific physical device, it’s harder for hackers to crack your info.

If you work in Financial Services or Healthcare, you should immediately up your password game. Both industries are attractive to hackers due to the amount of sensitive information they can gather by cracking your code. For example, medical records are extremely valuable and can lead to fake ID creation and/or identity theft – both of which are big money makers on the black market.

Where’s the leak?

Data leak

The internal actors that commit 25% of data breaches are just bad business. These breaches – which are commonly committed by employees, partners, contractors – demonstrate that the organization breached does not have their content under control and out of harm’s way. If an employee requires access to specific data or files to do his/her job, that individual should have access to only that – not everything.

For example, contractors should only have access to the information they need to complete their job. Once that job is done, access should be removed quickly. When access to sensitive information is required, using tools such as Information Rights Management (IRM) ensures that only specific actions can be taken with that content (e.g., read-only, no printing), and watermarking clearly identifies the origins of a document right on the page, allowing use but not theft.

When bad actors achieve unauthorized access, all sensitive business information or Personally Identifiable Information (PII) should be unattainable. Encryption prevents classified information from ending up in the wrong hands, and functionalities like IRM or Customer Managed Encryption Keys (CMK) ensure access to content can be switched off, helping prevent espionage.

Data breach concerns are universal

Organizations in all industries face data breach issues. By ignoring them, you run the risk of not only losing business information, but also the potential loss of PII. The consequences can be more than just the prospect of non-compliance with regulatory issues, such as the impending GDPR, but reputational risk is also a possible outcome— resulting in lowered market value and loss of customers.

How can data breaches be prevented?

The first step to preventing data breaches is to take on the “not if, but when” mindset – be paranoid. By following simple steps outlined above, such as incorporating MFA into password-protected systems and using secure cloud collaboration technologies, you can reduce the likelihood of being breached and protect both your organization and sensitive information. However, you have to constantly monitor your security posture and that of your cloud vendors. Many cloud vendors have a security posture that is more secure than your own, use all the resources available to you Choose your cloud vendors carefully and you’ll be able to rely on them to keep your information private and secure.

By Daren Glenister

Aruna Headshot

Top Four Predictions in 2020 for Unified Collaboration

Predictions in 2020 The year 2020 promises to usher in significant new developments in collaboration and communication. It’s part of an unending climb, moving higher ...
Bittitan

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, ...
Or Lenchner

Seeing what consumers see: opening the internet with IPPN

Opening the internet with IPPN To remain competitive and profitable, all brands must be data-gatherers. This is part of any brand’s daily routine, but a ...
Business Virtual

Open Virtual Exchange (OVX) – Helping DSPs Fast Track the Monetization of SDWAN

Open Virtual Exchange (OVX) Bring agility and speed to market with intelligent network automation Digital Service Providers (DSPs) do have high expectations from virtual network ...
Anita Raj

A Winning Data Strategy Series Part 3: From Data-driven To An Insight-driven Organization

Insight-driven Organization This is the third piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined ...
Chandani Patel Volansys

Pillars of AWS Well-Architected Framework

Well-Architected Framework Cloud computing is proliferating each passing year denoting that there are plenty of opportunities. Creating a cloud solution calls for a strong architecture ...
Growing Up.png