With data breaches growing in frequency, it’s become a high priority for both public and private entities to find effective ways to prevent them. This is because the fallout from a data breach can be enormous in terms of reputation and costs. The average cost of a breach in the U.S. is $8.19 million, which is more than double the worldwide average according to the IBM 2019 Cost of a Data Breach Report.
Knowing how to best prevent a breach and respond if your organization is a victim of a data breach starts with being prepared. Here are 10 tips for preventing or handling a company data breach.
#1. Conduct an IT Assessment
The first line of defense in preventing a data breach is to conduct an IT infrastructure assessment, which comprises:
- Taking a detailed inventory of all hardware and software
- Identifying all vulnerable endpoints
- Defining sensitive data
This sets the stage for developing a data breach readiness strategy as part of a cybersecurity strategy, which includes policies and tools to prevent and respond to a company data breach.
#2. Perform a Vulnerability Assessment
There are many reasons to conduct a vulnerability assessment as the next step after an IT infrastructure assessment. As a key part of your security strategy, you catalog every IT infrastructure asset and assign a value to each one.
This makes it possible to identify the vulnerabilities and threats to each endpoint and asset using techniques like vulnerability scanning and penetration testing. By assessing the likelihood and potential impact of each risk, you can prioritize measures for mitigating the most serious vulnerabilities for your most valuable resources.
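The prioritization step described above can be sketched as a small risk register. This is an added example, not part of the original article: the 1-to-5 scales, the score formula (asset value × likelihood × impact), and all asset and finding names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory: asset -> business value, 1 (low) to 5 (critical).
ASSET_VALUE = {"hr-database": 5, "public-website": 3, "test-server": 1}


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    likelihood: int  # 1 (rare) to 5 (almost certain)
    impact: int      # 1 (negligible) to 5 (severe)


# Constructed findings, as a scanner or penetration test report might list them.
FINDINGS = [
    Finding("test-server", "default admin password", 5, 2),
    Finding("hr-database", "unpatched database engine", 3, 5),
    Finding("public-website", "outdated CMS plugin", 4, 3),
    Finding("old-file-share", "anonymous read access", 4, 4),
]


def risk_score(finding, asset_value):
    """Assumed scoring model: asset value x likelihood x impact."""
    for name in ("likelihood", "impact"):
        if not 1 <= getattr(finding, name) <= 5:
            raise ValueError(f"{name} must be between 1 and 5: {finding}")
    return asset_value[finding.asset] * finding.likelihood * finding.impact


def prioritize(findings, asset_value):
    """Return (ranked, unknown): scored findings, highest risk first, and
    findings on assets missing from the inventory, which cannot be scored."""
    ranked, unknown = [], []
    for f in findings:
        if f.asset in asset_value:
            ranked.append((risk_score(f, asset_value), f))
        else:
            unknown.append(f)
    ranked.sort(key=lambda pair: (-pair[0], pair[1].asset))
    return ranked, unknown


if __name__ == "__main__":
    ranked, unknown = prioritize(FINDINGS, ASSET_VALUE)
    for score, f in ranked:
        print(f"{score:3d}  {f.asset}: {f.issue}")
    for f in unknown:
        print(f"not in inventory, update the IT assessment: {f.asset}")
```

A finding on an asset that is missing from the inventory is reported separately rather than dropped, since it points to a gap in the IT assessment from tip #1.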
#3. Develop a Security Policy and Incident Response Plan
Public and private entities need a written information security policy that establishes data collection, classification, handling, storage, retention and security controls. This requires a means for automated data discovery and classification.
An incident response (IR) plan, which governs how you handle a data breach, covers:
- Preparing for the IR process
- Detecting and analyzing the breach
- Containment, eradication and recovery
While the security policy governs how systems and data are protected to prevent a breach, an incident response plan covers what the company will do following a breach. These are two aspects of an overall cybersecurity strategy that work together across the breach readiness life cycle: prevention, detection, remediation and recovery.
#4. Use Encryption
Using software-based or hardware-based data encryption helps public and private entities protect sensitive network data at rest and in transit. Data encryption makes data unreadable to anyone who gains access without the encryption key. This process should include portable and mobile devices that can receive or store sensitive data.
#5. User Authentication and Identity Management
Authentication and identity management must cover client-side authentication such as username/password combinations, tokens and other techniques. It also covers server-side authentication, which uses certificates to identify trusted third parties. Authentication determines whether a user, server or client app is who/what it claims to be.
Identity management focuses on how granular user access permissions are handled by the administrator across all systems, platforms, and the cloud along with encryption key access. User permissions, passwords and advanced user authentication processes like multifactor authentication clearly play a major part in preventing data breaches.
#6. Enforce Restrictive Data Permissions
The goal of restrictive data permissions is to provide users with access to only the systems and data that they need to do their jobs efficiently. That means giving administrators the tools to create highly granular access privileges for groups and individuals to resources, systems or data.
This increases the security across all physical systems, cloud services and endpoints within and beyond the network.
#7. Network and Cloud Monitoring
You should also be monitoring your systems for common indicators of a compromise. This monitoring can rely on software tools used on site or off site by security and monitoring experts to watch network activity and applications in the cloud, among other endpoints.
#8. Educate Employees
Public and private organizations must educate employees on good cybersecurity hygiene habits that prevent data breaches. This should include how to avoid clicking on a phishing link or storing unencrypted data on a desktop or mobile device, and how to protect sensitive data.
Handling a Data Breach
While all the tips so far go a long way toward preventing a data breach, one can still happen to your organization. These last two tips deal specifically with how to handle a breach once it’s discovered.
#9. Stop the Breach and Assess the Damage
Once an organization notices a breach, it’s important to contain the breach as quickly as possible by:
- Isolating any system(s) accessed by the attacker to prevent further spread
- Disconnecting breached user accounts
- Suspending operation of a specific department that was targeted
- Reformatting assets and restoring them based on a business continuity and disaster recovery (BCDR) plan
- Blacklisting an IP address from where the attack originated
Once the attack has been stopped and eliminated, the next step is to investigate it and assess the damage it has caused to the organization. During the assessment, information that should be identified includes:
- The attack vector
- The method of attack (social-engineering tactics, user accounts, etc.)
- Breached data sensitivity
- The type of data affected
- Whether the data contains high-risk information
- Whether the data was encrypted and whether it can be restored (did the company back up its data?)
#10. Regularly Audit Your Infrastructure
IT infrastructure audits let you know what has been changed, when it was changed and how it was changed across all systems, hardware, and software. This knowledge is crucial to evaluating the effectiveness of security controls and risk identification. In addition to improving security, internal audits help you prepare for compliance audits.
The mix of policies, tools, and procedures that must be developed, implemented and governed can be time-consuming and complex. Some of the procedures, like IT assessments and infrastructure audits, require expertise and certifications from outside support.
Even public and private organizations with an in-house IT team can benefit from the third-party support of a managed security services provider (MSSP). They bring the expertise needed to support the development of a comprehensive cybersecurity strategy that includes breach readiness and incident response.
Armed with an understanding of these tips and of the need for dedicated IT security experts who can augment your in-house IT team, you will know how to identify the right MSSP. Together, you can develop a plan for preventing and dealing with a data breach that ensures the business will be protected in an evolving threat landscape.