Today more than ever we live in a digital world that changes faster than we can protect the files and data we have stored. There is no silver bullet or magic solution to preventing a data breach, but there are important steps you can take to protect your data. There are technically a few different kinds of data leaks such as an internal source or an external source. Despite companies taking action and being proactive it seems that data breaches have increased in numbers year by year. It can feel like a never ending game of cat and mouse because actually it is. Each time companies find a new way to secure or protect data it seems like criminals find a better way access that data and then there is internal leaks caused by human error.
Data is valuable and there are a wide range of things that can be done with hacked, leaked, or stolen data. The most common type of data targeted by the hackers and cyber criminals include names, date of birth, social security numbers and sometimes credit card or debit card numbers. Health records are the most valuable on the black market and dark web. A social security number can be purchased for around $15 and someone’s health records can sell for as much as $200. There are so many different ways that data breaches can occur, but there are simple steps anyone can do to at least cover the very basics of cyber security.
These are the very basic steps you should take to prevent data security breaches.
1. Secure Your Data and All Information You Store: Not all information is super sensitive, but this data can be used as a puzzle piece to build a much larger picture. As a best practice you should assume that all information must be protected wherever it is stored, sent, or used.
2. How data is transferred internally on devices: Your company or organization should not allow members or employees to shift or share data from one device to another external device. This is a surefire way to get in to trouble and increase the chances of a data leak if that device, flash drive, external HD is ever lost or stolen. Don’t think it can’t happen to you!
3. Restrict downloads: There was a case recently where a low level federal employee infected a U.S. government network with malware after downloading several thousand pornographic images, videos, and malware in the process. All of this while at work and on his business device. Any unnecessary media should be restricted to download. This could reduce the risk of installing spyware, malware, or other backdoor exploits that would callow cyber criminals to transfer downloadable media to an external source.
4. Securely Deleting Old Data: The organization should completely wipe out all the files and folders before disposing of computers, storage equipment, or external drives. There are many applications that can retrieve information after it has been deleted. Think of your hard drive as a physical record where the data is still there until it has been overwritten. This is why it is important to use software that will erase, write and erase multiple times until the data can never be retrieved.
5.Do not allow any unencrypted devices for business purposes: Unencrypted devices are a recipe for disaster. It is like storing everything in your living room and leaving the front door open and unlocked. Then when someone comes in and takes everything you wonder why and how it happened? Laptops and other portable devices that are unencrypted are like a welcome sign for anyone who wants that data, where if it was encrypted it would make the data basically worthless to criminals.
7. Passwords, Passwords, Passwords: We have seen it a million times where people get lazy and use the same password or a simple word+number combination. There are databases of passwords for sale on the dark web of major leaks from Linkedin, Yahoo and many others where criminals buy them and feed them in to software that automatically tries to login to thousands of targets. If that password was every leaked it increases the chances of them getting in. Use strong passwords and change them often. This is the weakest link so why not take the simple step and make it secure?
8. Hire a 3rd party to identify threats: Bring in independent auditors to identify vulnerabilities in your network, suspicious network activity and to help you prepare for any crisis or data leak. They can also identify if any private data is publicly accessible. Hiring outside experts can also help you plan a breach response. A high profile data breach could not only harm the reputation it could result in lawsuits, fines, and even going out of business. It is extremely important to breach response plan that provides a quick response helps to reduce the damage. Key steps, notifications and being prepared could make all of the difference when it comes to containing the breach.
9. Restrictions and Permissions: If you are a large company or a small company you may not want the janitor or new hire customer service rep. to see earnings statements or tax data? Restrict permissions to only those who are working on company’s sensitive data and track logins. This could not only prevent problems in the future but will identify who accessed what data and when.
10. Data Security Training and Education: Most companies this only about sales and profits. Sure, they value their customers and employees, but they fail to realize that data is now extremely valuable. Data is a target for hackers and even competitors (Chinese state sponsored corporate espionage). It is important that you and everyone is serious about education and awareness when it comes to a data breach. Be proactive and use the mindset of not if it happens but when it happens.
These simple steps can help you avoid a costly and damaging mistake that could have been avoided. If you are concerned about taking action and making a data breach response plan or the worst has already happened and you need help? Contact us and we would be happy to hear your concerns and how we can help you. We have experience on both the data discovery aspect and helping with data breach recovery and protection.