Three Ways to Avoid a Data Breach: A How-To Guide

Since the beginning, humans have created ‘how-to guides’ to help with just about anything. Information sharing is the bedrock of villages — whether in ancient, modern, or future times — and is constantly evolving. From back in the caveman days with paintings on the wall instructing others how to hunt to in this day and age with directions on how to build an IKEA coffee table, we have always relied on outside input to help us in our daily practice from cooking to assembling and even in cybersecurity.

A prevalent security issue today is a data breach. In a recent survey conducted by SailPoint partner EY, cyberattacks and data breaches are the second most concerning risk for CEOs in the coming year. Leadership’s pause for concern is spot-on as the number of data breaches this year alone will require a like-minded mentality to overcome together.

Live Webinar on 7/22 | Work from Home: Identity and Access Governance and Data Breach Risks

So far this year, almost 4,000 data breaches have been confirmed. For scale, 7,000 breaches were reported in 2019. A correlation in the uptick of data breaches might be because of the global pandemic, as businesses and IT teams grappled to enable a remote workforce by overprovisioning users. Hackers are always looking for disruption in security and COVID-19 is no exception.

Additionally, data breaches have become so common and have impacted so many people that this headline chronicling “15 of the biggest data breaches in the 21st century” is not shocking. It is par for the course, but it does not make it any less stressful. Today more than ever we need to be vigilant, relying on fundamentals to help guide the way.

Stop one: Adopting an identity first mindset

The first stop on our guided tour is the most important: adopting an identity first mindset. Some will say identity is just about providing access to applications, but identity is not only access; it is much more than that. Think of identity as a ‘map’ (guide) to your ‘city’ (organization). Identity does not just say ‘who’ can have access but ‘what’ they can have access to and if they should even have the access to begin with. Identity governs all aspects of a users’ access needs across the business, and now identity can do that autonomously with the aid of AI and ML—all in the cloud. The AI/ML piece is important to note- 67% of IT practitioners believe the use of automation would increase their organizations’ ability to prevent cyberattacks and data breaches, according to the Ponemon Institute.

Stop two: Analyzing access requests  

Second stop and we have a question on the tour: what happens when a user leaves an organization? Would they still have access to all the ins and outs that is required when doing their previous role? The unfortunate reality is that 1/3 of folks still have access to company files after they have left a company. Visualizing the various pathways users can take to access unstructured data can be challenging to manage and control. Ultimately, organizations should seek to normalize permissions across the enterprise. In an age where malicious requests can come from seemingly legitimate users, removing stale permissions by routinely creating reports based on last-accessed services is imperative for enterprise security efforts—something identity can help with.

Stop three: Figuring out where your data ‘lives’

The final stop on our guide is understanding where your data lives. We found 88% of businesses are not governing access to data stored in files and folders as they should.It is necessary to be fully secure to not only protect access to the data in applications and databases, but also to manage the creation, download, and upload of unstructured data. Something as simple as creating a presentation can yield multiple files stored in different locations and distributed widely as an email attachment. A security solution that does not involve protecting unstructured data leaves gaping holes in its coverage and leaves organizations open to data breaches and regulatory penalties for non-compliance. With this context, your organization can see everything, govern everything, and empower everyone. This sounds like makings of a strong city fortress.