Tips to Avoid Being the Next Data Breach Victim
Hackers are having a field day in 2017, that is, if the findings of the latest Breach Level Index report from Gemalto, a prominent digital security organization that tracks data breaches, are to be believed. According to the report, up to 1.9 billion data records were compromised in the first half of 2017, representing a 164% increase from the previous 6 months.
Cyber attacks, it appears, are becoming increasingly sophisticated, and the cyber war between hackers and organizations has turned into the proverbial game of cat and mouse. You are only a small step away from a potential data breach, and any complacency on your part will, more often than not, be punished.
If you don’t want to be the next data breach victim, here are some tips for you.
Train your employees
All human beings make mistakes, and nobody seems to make more of this fact than hackers. According to several reports, human error is already the leading cause of data breaches. Some reports have even cited human error as a contributing factor in over 90% of successful data breaches. Cybercriminals are increasingly using socially engineered attacks such as phishing scams to lure insiders within organizations into inadvertently giving them access to sensitive information.
Therefore, every organization should view security-conscious staff as an integral part of its data security infrastructure. At the very least, all employees with access to sensitive data should be trained to identify and respond to common security threats, educated on the dangers presented by bring your own device (BYOD) programs, and regularly assessed to test their security awareness levels.
Encrypt your data
A 2012 study by the Ponemon Institute found that 60% of companies whose data was breached did not have any form of encryption. The proportion could be higher in 2017. If your organization allows clients to key in personal data on your website, you need to convert your site to HTTPS using an SSL/TLS certificate to secure their data from third-party interference while in transit.
An HTTPS-enabled website renders the communication unintelligible to any third party listening in. You can acquire and install an SSL certificate from a trusted Certificate Authority (CA) authorized SSL provider such as CheapSSLShop.com for low-cost SSL and quick assistance.
Restrict data access
External attackers are not the only threat to your organization’s sensitive data; malicious insiders may pose an even greater threat. A third-party vendor, a terminated employee or a disgruntled employee may steal or leak company data for various reasons, including financial gain and future career-building purposes. According to Gemalto’s Breach Level Index report referred to earlier, the number of sensitive files or records that were stolen, compromised or lost by malicious insiders skyrocketed from half a million in the last half of 2016 to 20 and a half million in the first half of 2017.
To minimize this risk, limit the number of people who can access the company's critical data. You can do this by devising and implementing a data security policy that would, among other things, grant employees different levels of access to company data according to their job descriptions or allow data access on an as-needed basis. Limit the number of people authorized to access the organization's most sensitive data to a small trusted group.
Moreover, encourage the use of strong passwords for administrators and use VPNs and firewalls to protect your network.
Keep everything up-to-date
Keeping all software up-to-date may seem like a routine cybersecurity task, but many data security professionals take too long to update their organizations’ software, and sometimes they act too late. Equifax, the consumer credit reporting agency, is the latest high-profile victim of a preventable data breach that occurred because its staff failed to apply a security patch for a web application for two months. In the breach, which occurred in May 2017, the personal data of 143 million people was exposed.
Cybercriminals use malware attacks to cause data breaches, many of which depend on a security vulnerability in their target’s system to execute successfully. That is why software companies create security patches every so often which, if installed in a timely manner, will foil the latest malware attacks. Therefore, create a habit of updating all software and operating systems in a timely manner and applying security patches as soon as they are available.
Back up your data
In a data breach, crucial organization or client data may be lost forever. Many victims of ransomware have been forced to pay up in a bid to recover sensitive data for which they had no backup. Therefore, regularly backing up crucial data should not be taken for granted.
The best practice is to back up your data in more than one place. You can back up data on removable drives, hard drives or in the cloud.
Keep only necessary data
The less data an attacker can breach, the lower the risk and damage. Many organizations err in collecting unnecessary client data. When such organizations are breached, the damage can be catastrophic. Therefore, collect only the information that is relevant to your organization. Furthermore, purge all sensitive but outdated data early and often. The purging should be done thoroughly because there may be clones of those files somewhere else on the computer.
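One way to check for leftover clones before purging, shown as an added example that is not part of the original article: the script hashes the file slated for deletion and walks a directory tree for byte-identical copies, even when they have been renamed. The function names, file names and sample records are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(target, search_root):
    """Return sorted paths under search_root whose content equals target's."""
    target_real = os.path.realpath(target)
    target_size = os.path.getsize(target_real)
    target_hash = sha256_of(target_real)
    copies = []
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks and the file we are comparing against.
            if os.path.islink(path) or os.path.realpath(path) == target_real:
                continue
            try:
                # Cheap size comparison first; hash only plausible matches.
                if os.path.getsize(path) == target_size and sha256_of(path) == target_hash:
                    copies.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort
    return sorted(copies)


def demo():
    """Build a constructed directory tree and list clones of one record file."""
    record = b"id,name,email\n1,Jane Example,jane@example.com\n"  # constructed data
    layout = {
        "customers_2015.csv": record,               # file slated for purging
        "exports/old/backup.bak": record,           # renamed clone
        "tmp/copy.csv": record,                     # second clone
        "exports/customers_2016.csv": record + b"2,John Example,john@example.com\n",
        "exports/notes.txt": b"x" * len(record),    # same size, different content
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        found = find_copies(os.path.join(root, "customers_2015.csv"), root)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in found]
```

This finds exact copies only; edited versions, compressed archives and copies held in backups or cloud storage need their own review.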
Prepare for the worst
Sometimes, even against all odds, the worst happens. Having a disaster management plan beforehand will help your team respond decisively to the situation, control the damage, and prevent customer backlash.
To test the disaster management plan, experiment with a mock disaster.
While these practices will not make your system hack-proof (no system is ultimately impregnable), they will frustrate and make things harder for a hacker. And most of the time, that is exactly what is needed to thwart a data breach. Implementing these tips will also mitigate the damage that might result from a breach, reduce the risk of an internal breach, and help your organization formulate a data backup plan.