How to Help Prevent a Data Breach
Data breaches are a fact of life.
Fact: The Equifax data breach of 2017 impacted over 145 million people and exposed extremely sensitive financial data including social security numbers, birth dates, addresses and more.
Fact: In October 2017 Yahoo revealed that every one of Yahoo’s 3 billion accounts was hacked in 2013. This was three times what was first thought and considered one of the largest data breaches in history.
Fact: In 2017, hackers behind WannaCry demanded money to unlock files of more than 300,000 machines that were hit across numerous countries and industries, including health care, finance, legal and more.
Fact: In June of 2017, the computer virus NotPetya targeted businesses using compromised tax software. The malware spread to major businesses, including FedEx, mega ad agency WPP, the Russian oil giant Rosneft, and the Danish shipping firm Maersk.
Fact: FedEx attributed a $300 million loss to the attack. The company’s subsidiary TNT Express had to suspend business.
Three Types of Data Breaches
There are three broad types of data breaches.
- Data Access Breaches: This type of breach occurs when users who do not have permission to access the data are able to gain access, but without changing any records. Users who gain data access without permission can be internal, i.e., firm employees, vendors or partners, as well as external unknown entities. Often this illegal access is not discovered for weeks or even months after the breach occurs.
- Data Modification/Corruption Breaches: This type of breach happens when users without permission gain access to data which they then modify or corrupt. Some of the more notorious breaches, like the WannaCry virus, are in this category. Typically the data is encrypted or otherwise modified and ‘held hostage’ by the illicit user – until some ransom condition like a payment is achieved.
- Data Eradication Breaches: Examples of this type of breach are viruses or users who willfully delete data. Although rarer than the other types of breaches, this form of breach is potentially catastrophic to a firm.
I’m Safe from Data Breaches Because I’m a Smaller Firm, Right?
According to a report by Small Business Trends, smaller businesses face the same data breach dangers the mega-enterprises do, including:
- 43 percent of cyber attacks and data breaches target small business
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective
- 60 percent of small companies go out of business within six months of a data breach cyber attack
- 48 percent of data breaches are caused by acts of malicious intent. Human error or system failure account for the rest
Let’s face it, a data breach can happen. And according to the stats it probably will happen to you at some point in the next few years.
So what can you do to reduce your risk of a data breach?
How to Help Prevent a Data Breach
Although no system is perfect, creating layers of security can greatly help to reduce your risk of a data breach. Here’s a high-level roadmap for how to do that.
- Use Strong Passwords: Among the recent embarrassments the State of Hawaii faced after the missile threat false alarm was a picture of a workstation published online that included a sticky note with the password for the system on it. Use strong passwords and require that new passwords be created on a consistent basis; once every 60 or 90 days is typical.
- Invest in Antivirus Software: Antivirus software is designed to keep ongoing and current lists of all viruses. This list is checked each time a computer accesses files or websites. The antivirus software can detect, block and prevent viruses from entering a computer system. Employees can accidentally download viruses that are masked as normal communications. Using antivirus software acts as an early warning system and protective layer.
- Firewalls: Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules. Firewalls separate your secure internal network from the unsecure Internet. Firewalls can also provide secure virtual private network (VPN) connections for remote workers.
- Update and Patch Management: Software can be vulnerable, and hackers exploit code that can be used for unintended purposes. Being vigilant with update and patch management is a core part of the protection layer.
- Stay informed and educated: Cyber threats are constantly evolving. Because of this, it is important to keep educated on the latest trends in security. Focusing on where the new threats may come from can help inform changes or additions that may need to be made to your security layers.
- Security Training: Many data breaches can be attributed to human error. This includes not updating or patching software, opening the “wrong” attachment, accidentally downloading a virus, and more. Regular security training for employees is the most overlooked, yet probably most effective layer in preventing a data breach.
Reducing the Damage of a Data Breach
The layers mentioned above can help to reduce the risk of a data breach. But because cyber threats are constantly evolving, plans must also be in place should a breach happen.
The important point to address is how to return to operations quickly if you do suffer a data breach.
Assuming your data breach included corruption or loss of files, a second layer of protection should include the following elements.
- Keep a complete backup of all data: Use a cloud backup system to keep a copy of all data. Many companies back up their website, their applications and databases daily. Firms using Office 365 and other office productivity suites tend to back up their emails, attachments, files, calendars and more on an ongoing and consistent basis.
- Conduct ongoing automated backup: The secret to reducing the risk of data loss is ongoing and consistent backup activity. This means automating the process of continually backing up all data on a daily (at a minimum) basis. Use a system that provides a ‘set it and forget it’ automation function.
- Keep all activity in a single pane of glass: Keep it simple! Use a ‘single pane of glass’ administrative dashboard to control all activity associated with backing up and archiving all your data.
- Restore data easily and quickly: If the worst happens and your data is compromised due to a breach, don’t panic. Use a system that will restore your data with a single click. Reduce wasted time in trying to juggle multiple systems to find and restore your data.
These tips are useful for helping you survive a data breach. It’s important to remember that a system needs to simplify your administrative work. This includes making it easy to administer and restore data before, during and after a breach.
When a data breach happens, you can count on your stress level being very high. By using a layered system that simplifies your effort, you can help reduce the damage caused by a data breach.
How to Help Prevent a Data Breach
By using a system of security layers, you can help prevent a data breach. This system should include multiple layers of accessibility and security, including employee training, password control, strong antivirus software, firewalls, update and patch management and, finally, staying educated and informed on the latest trends in cyber security threats.
In the unfortunate event that a data breach does happen and data is corrupted, it is important to recover quickly. Using a layer of data backup and archiving will help you get your business back up and running quickly.