Data breaches pose a serious risk to the enterprise, with consequences ranging from financial loss to reputational damage. Both the number of data breaches and their average costs break new records year after year. But many data breaches are preventable through a series of fundamental defenses.
While specific strategies depend on each organization’s circumstances, following best practices improves the company’s ability to prevent a data breach. This article takes a look at some of the essential steps to consider.
What Is a Data Breach?
A data breach is a cybersecurity incident that results in the unauthorized disclosure of sensitive, confidential, or protected data. A breach is different from an incident in that the data compromise is confirmed rather than suspected.
Data breaches are not always the result of a cyberattack. They can also occur due to internal actors, such as employees and partners—whether they’re acting maliciously or negligently. The data exposed may include:
- Personally identifiable information (PII) such as name, date of birth, email address, and national identification (e.g., Social Security number)
- Protected health information (PHI) such as treatment and medical diagnosis
- Financial details such as credit card or bank numbers
- Information considered protected under specific government regulations (e.g., biometrics)
- Intellectual property, such as proprietary research
No organization, regardless of size, is immune to a data breach. Although threat actors often target organizations perceived or known to have more valuable data, any company can be caught in the cross-hairs of an attack. Data breaches are also a target of opportunity—with cyber attackers constantly scanning for potential victims that they can easily compromise.
Industries Often Targeted for Data Breaches
Data breaches affect both private and government organizations across all industries. However, some sectors, such as highly regulated industries, are more frequently targeted. These include:
- Financial institutions — the majority of data compromised in financial sector breaches is personal information, with banking information a distant second. This data is especially valuable for fraud and theft schemes against a financial institution’s customers.
- Healthcare providers — PHI is typically more prized on the dark web, and about half of the data exposed in healthcare breaches is medical. This sector is also a compelling target because it lags behind others in cybersecurity maturity, and the complicated environment within healthcare organizations creates additional barriers.
- Government organizations — local, state, and federal agencies are attractive to cyberattackers not only because they hold vast volumes of PII, but also because they deliver critical services. For example, double-extortion ransomware attacks—where attackers both encrypt data and steal it to compel victims to pay—may be more lucrative when the target is a municipal utility that is more likely to pay the ransom to avoid mass service disruption.
Enabling Data Breach Prevention
Data breach prevention relies on three aspects of cybersecurity: people, processes, and technology. A successful strategy should address all three components, and they often intertwine. Below are ten steps every organization should take to enable data breach prevention.
Establish Data Encryption
Encryption is a best practice that ensures data can’t be accessed without authorization in the event of a compromise. While many organizations encrypt the data they store (“data at rest”) they may overlook encryption for their communications, when the data is “in transit.”
Proactive organizations also require encryption for sensitive emails and ensure that collaboration tools use end-to-end encryption if employees share confidential data in those channels.
Properly Secure Computers
Implement both physical and digital security protocols for all computers and other devices. Computers should automatically log out the user after a certain inactivity period to prevent anyone from accessing files when employees walk away from their workstations and forget to log out. Other security measures to consider include firewalls, antivirus / antimalware software, and regular software updates.
Utilize Cybersecurity Solutions
Antimalware and antivirus software only helps protect systems from one type of threat, and it’s important to have a multi-layered defense strategy. Consider additional cybersecurity tools, such as endpoint detection and response, cloud security software, password management, and threat detection and response platforms.
Consistently Update Login Procedures and Protocols
Compromised passwords cause a large portion of data breaches. Cybercriminals can easily and cheaply procure stolen logins on the dark web and use them to launch a variety of password attacks. As a defense, adopt strong login processes and procedures—including secure password management and privileged access management—and review and update those protocols regularly to ensure they remain effective as organizational needs and the environment change.
Set Up Procedures and Protocols for Lost Devices
Workforce mobility allows employees to work on their laptops and mobile devices from anywhere, and a password or personal identification number (PIN) is not adequate for protecting unauthorized data access in the event of a lost or stolen device. A device management program, including remote wiping, gives the IT team the ability to take quick, proactive measures by erasing the data on a device.
If employees use their own devices for work purposes, a device management program also enables the company to erase corporate information while leaving their personal data intact.
Prohibit Use of Work Computers for Non-Work Activities
Hybrid workplaces are becoming the norm, and employees’ personal and work lives—and spaces—constantly comingle. Consider a policy that prohibits employees to use corporate-owned computers for personal activities, and enforce this policy with technology. This limits risks such as employees installing consumer-grade applications that offer low levels of security.
Ensure Drives are Wiped Clean Before Disposal
Before the IT team disposes of computers and other electronic devices, ensure they follow organizational policies to completely wipe or reformat all drives. If devices that contain sensitive data are not wiped immediately after they’re no longer in use, physically secure them until the procedure is complete.
Store Physical Records in a Secure Offsite Location
While digitization trends are reducing the need to store physical records, many organizations are still a long way from going completely digital. Enterprises that retain printed documents containing sensitive and protected information should apply the same high level of security as they would to digital records. Consider storing them at an off-site location that has restricted access, as well as enhanced security controls.
Implement a Data Governance Policy
Implement a data governance policy and process that ensures all organizational data is properly handled throughout its lifecycle—including proper disposal of the data that the company no longer needs and is not required to keep. As with data storage, these policies should cover the secure disposal or destruction of both digital and physical documents.
Require Consistent Employee Training
As many as 95% of cybersecurity issues are due to human error—whether it’s intentional or accidental—and an estimated 85% of data breaches involve a human component. One technique frequently employed by cyberattackers is social engineering; cybercriminals are adept at manipulating human behavior to compel certain actions, such as convincing employees to click on malicious links or download harmful attachments.
Employee training is an effective technique for reducing this risk. The enterprise’s employee awareness and training program needs to be ongoing and consistent, educating employees about the always-evolving threats and current best practices.
Identity Security Tailored to the Enterprise
SailPoint enables you to secure your enterprise and empower your workforce with the Identity Security Cloud. Schedule a demo to learn more about how SailPoint can support your cybersecurity programs.