Data breaches are one of the most common computer security incidents. They can be caused in two ways: on the one hand, by malicious cyberattackers; on the other, by insufficient protection measures applied to the sensitive information that companies and organizations handle.
Recent experience shows how serious and frequent these breaches can be: over the last few months, serious breaches have come to light in Decathlon, financial institutions, platforms such as Disney Plus, and even in databases containing the information of as many as 1.2 billion people.
What’s more, these experiences show that in the fight to avoid data breaches, it is never a good idea to adopt a reactive position. Instead, organizations should be proactive, implementing mechanisms to allow them to foresee any problem even before it can materialize. In this sense, there is a series of measures that organizations should take:
1.- Data classification
It is a good idea to organize all of the organization’s data and private information. Once collected, it needs to be classified and ranked according to how important it is and how it needs to be protected. In an environmental consulting company, for example, the data regarding the addresses of its international headquarters will never be as important as the personal information on its users or its clients’ billing information. This is why ranking is so important: it ensures that not all data is stored in the same place.
Once these rankings have been established, the organization must separate this information and store it, ensuring that its location is isolated and independent. The most critical data, as far as possible, should be stored on properly protected servers that are, above all, not connected to the Internet. In addition to this, physical backups should be made so that, if there is a data breach, no information is lost.
2.- Access and roles
In the same way that the information is ranked, the organization’s staff should be classified. This means establishing differences between different work teams, and above all, clearly defining what kind of information each person can access depending on their role in the organization. This will give a clear idea of the extent to which confidential information is available to a greater or lesser number of people.
On the other hand, the classification criteria must be periodically reviewed. This measure helps ensure that, when employees change areas, they don’t have access to information they no longer need. Moreover, when new categories of data are added, the criteria should be reviewed and updated to determine who can access this data.
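The periodic review described in sections 1 and 2 can be automated as a comparison of current grants against the role entitlements and the data classification. The following is an added example, not part of the original article or of any Cytomic product; the roles, data categories and grant records are constructed for illustration.

```python
from dataclasses import dataclass

# Classification levels, ordered from least to most sensitive (assumed scheme).
LEVELS = ["public", "internal", "confidential", "critical"]

# Section 1: every data category carries a classification (constructed sample).
DATA_CLASSIFICATION = {
    "hq_addresses": "public",
    "client_billing": "confidential",
    "user_personal_data": "critical",
}

# Section 2: data categories each role is entitled to (constructed sample).
ROLE_ENTITLEMENTS = {
    "marketing": {"hq_addresses"},
    "finance": {"hq_addresses", "client_billing"},
    "support": {"hq_addresses", "user_personal_data"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    current_role: str  # role after any change of area
    category: str      # data category the user can currently read

# Constructed grants: bob and dave changed areas, erin holds a new category.
SAMPLE_GRANTS = [
    Grant("alice", "finance", "client_billing"),
    Grant("bob", "marketing", "client_billing"),      # left finance
    Grant("bob", "marketing", "hq_addresses"),
    Grant("carol", "support", "user_personal_data"),
    Grant("dave", "marketing", "user_personal_data"),  # left support
    Grant("erin", "finance", "payroll_exports"),      # not yet classified
]

def _rank(category, classification):
    # Unclassified data is treated as more sensitive than any known level.
    level = classification.get(category)
    return len(LEVELS) if level is None else LEVELS.index(level)

def review(grants, classification=DATA_CLASSIFICATION, entitlements=ROLE_ENTITLEMENTS):
    """Return (kind, user, category) findings, most sensitive data first."""
    findings = []
    for g in grants:
        if g.category not in classification:
            findings.append(("unclassified", g.user, g.category))
        elif g.category not in entitlements.get(g.current_role, set()):
            findings.append(("excess_access", g.user, g.category))
    findings.sort(key=lambda f: (-_rank(f[2], classification), f[1], f[2]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_GRANTS):
        print(*finding)
```

Each `excess_access` finding is a grant to revoke or justify, and each `unclassified` finding is a data category that needs a classification and an access decision before the next review.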
3.- Password policy
It is not enough to have credential protection solutions if the passwords themselves are too simple to avoid being discovered. The policy must therefore be strict, as well as being reviewed periodically to update credentials. This way, if there is a breach, the leaked passwords cannot be used after the fact.
4.- Post-breach analysis
Sometimes data breaches can occur even if some cybersecurity measures have been taken. This in no way means that the organization should give up on its protection policies, however. In this case, the company will have to reinforce these policies, as well as determining how the breach happened to ensure that it cannot happen again.
For these reasons, the organization must clearly establish where the breach started, how the cybercriminals got in, how and why they accessed the stolen information, who had access to it, and ultimately, what security and prevention mechanisms failed to allow the vulnerability to be exploited.
All of this involves including a system to manage and monitor the personal and sensitive information the company stores on its endpoints. To this end, Cytomic Data Watch is available to Cytomic customers. It monitors the files stored on devices, searching for personal and sensitive data, and it allows you to delete files from a single console to mitigate risks. What’s more, in the background, Cytomic’s EDR capabilities monitor all endpoint activity and offer continuous, comprehensive and detailed visibility of everything that is happening.
As has been demonstrated in many cases, data breaches are a serious security problem that can have grave economic repercussions. Organizations must follow a proactive strategy to protect their data and confidential information, using advanced solutions that allow them to properly classify their data, determine who is accessing it, and constantly monitor it to avoid any kind of problem.