10 Ways The Enterprise Can Prevent Data Leaks

Prevent Data Leaks In The Cloud

More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information in the cloud, according to a recent Intel security survey. As a result, the risk of exposure through data leakage continues to increase, as well as the issue of cloud compliance.

How can enterprises ensure data remains secure amidst this rise of cloud computing? Below are some tips and best practices on how enterprises can stay compliant when using cloud storage and backup services.

  1. Classify data: Classifying high value, personally identifiable information (PII) is an important first step in knowing what an enterprise needs to protect. Classifying data such as dates of birth, social security numbers, and banking information allows access and security procedures to be increased based on the sensitivity of the data.
  1. Know where your data lives: As new regulations like the General Data Protection Regulation (GDPR) are rolled out, knowing the physical location of where enterprise data is stored will be critical to keeping data safe. It’s equally important to also know how to protect data once it leaves a device. Too much emphasis is placed on securing data at rest, and not enough on data in motion. As companies expand and operate in multiple countries, we should expect to see a rise in protecting data that’s on the move.
  1. Vet your vendors: As new data privacy regulations are implemented, enterprises must maintain continuous compliance. Gone are the days when compliance was a one-time exercise. Ensuring cloud vendor compliance will be particularly challenging for companies operating in multiple countries, as regulations vary from region to region. Companies need to stay on top of their vendors to ensure they disclose not only where data is stored but also where it is processed, as the two may not be the same. Businesses can no longer assume their data is safe or compliant when outsourcing to a service provider.
  1. Have an incident response plan in place: Regardless of industry (healthcare, government, education), it shouldn’t be a matter of preparing for the possibility of a cloud provider failing in its responsibilities, but rather for the likelihood of one. By defining and implementing an incident response plan, enterprises can avoid a blame game and know who is ultimately responsible for remediating the problem from the get-go.
  1. Utilize Information Rights Management (IRM) technology: As criminals continue to target PII within corporate networks, IRM technology can be a critical tool for protecting data and maintaining compliance. This technology protects sensitive data by embedding encryption and user permissions directly into the file, instead of the systems around it. This ensures safety throughout the lifecycle of the document, both at rest and in motion, and allows data to be protected in the event of a leak.
  1. Uphold a single ‘source of truth’: Whether you’re sharing data internally or externally, it’s important to maintain a single ‘source of truth’ by minimizing the number of copies shared through secure collaboration tools. This allows individuals to securely collaborate and prevent multiple copies from being distributed – reducing both the threat surface and the chance of data leak. Watermarking documents can also help an organization quickly track down the source of a data breach to minimize its effects.
  1. Encrypt data, no matter where it resides: Encrypt sensitive data 24×7, whether at rest or in motion. This isn’t a ‘nice to have’ technology; both PII and other sensitive information need to be encrypted. Why? Encryption is your last defense against cybercriminals phishing for your privacy. When all other attempts at protecting data fail, encryption is every organization’s last hope to protect its most sensitive data from being an unwilling participant in the hacker’s game of breaches.
  1. Get smarter about passwords: By accessing just one single username or password, hackers can communicate with hundreds of others and appear credible. That gives them time to navigate within a company until they reach the target: the person who has administrative access to data. If cybercriminals get their hands on a CEO’s credentials, they can send out emails to the executive team telling them to take certain actions, all without the CEO ever having a clue. Knowing the consequences can help put into context the importance of protecting data.
  1. Set permissions: By setting user permissions on a need-to-know basis, companies could significantly reduce the chances of copying and pasting data (which can easily slip into the wrong document or email address). For example, if the IT team sets default permissions in a document-sharing platform as ‘editor’ rather than ‘viewer,’ a lot of sensitive data could slip through the cracks.
  1. Educate, educate, educate: Last, but not least, it’s crucial to spread awareness throughout the organization. Can your employees spot a phishing email? Are they still using spreadsheets to store password information? From employees to board members to vendors, there’s no such thing as too much education. The first step to preventing data leaks is knowing the potential consequences, as well as best practices, to prevent the spread of attack.
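
Items 1 and 9 can be checked together: classify each document by the PII it contains, then flag any whose default sharing role is broader than its sensitivity allows. The sketch below is an added example, not part of the original article; the labels, the `MAX_ROLE` policy, the document fields and the US-style patterns are all assumptions made for illustration.

```python
import re

# US-style formats for the PII named in item 1 (format choice is an assumption).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
DOB_RE = re.compile(r"\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0

def classify(text: str) -> str:
    """Label a document body by the most sensitive data type found in it."""
    if SSN_RE.search(text) or any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        return "restricted"
    if DOB_RE.search(text):
        return "confidential"
    return "internal"

# Hypothetical policy: the most permissive default sharing role each label may have.
MAX_ROLE = {"restricted": "viewer", "confidential": "viewer", "internal": "editor"}
RANK = {"viewer": 0, "editor": 1}

def audit(docs):
    """Return (name, label, role) for documents shared more broadly than policy allows."""
    findings = []
    for doc in docs:
        label = classify(doc["body"])
        if RANK[doc["default_role"]] > RANK[MAX_ROLE[label]]:
            findings.append((doc["name"], label, doc["default_role"]))
    return findings

# Constructed sample documents; no value belongs to a real person or account.
DOCS = [
    {"name": "payroll.csv", "default_role": "editor", "body": "Jane Roe,000-12-3456,1984-03-17"},
    {"name": "invoice.txt", "default_role": "viewer", "body": "Card 4111 1111 1111 1111 charged"},
    {"name": "roster.txt", "default_role": "editor", "body": "Sam Poe born 1990-11-02"},
    {"name": "lunch-menu.txt", "default_role": "editor", "body": "Order 1234 5678 9012 3456 ready"},
]

if __name__ == "__main__":
    for finding in audit(DOCS):
        print(finding)
```

The Luhn check keeps the order number in `lunch-menu.txt` from being labelled as a card number, so that file's `editor` default is not reported.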

Apart from the fundamental and basic steps organizations need to follow to secure data (like network firewalls and endpoint protection tools), enterprises implementing the above best practices will reduce their chances of leaking highly sensitive data stored in the cloud.

By Daren Glenister
