The story still strikes fear into the hearts of IT departments: As many as 70 million credit and debit card accounts were compromised in less than a month during the Target data breach. While Target’s internal security team was using all of the right protocols, it was an external contractor who ultimately provided the way in. No matter how locked down an IT department is, most breaches occur when a third-party provider is involved, allowing the leakage of critical data such as passwords or IP.
Any business running multiple cloud-based apps (and today, that’s most of us) runs a high risk of exposure through data leakage. Here are five ways to keep data protected and secure this year.
1. Identify critical data
First, businesses must learn to identify their own critical data. This means being able to categorize which data needs the most protection and knowing how to use data loss prevention (DLP) software to protect any sensitive information. Depending on the industry, this could mean PHI, financial statements, and blueprint or strategy checks.
Since DLP relies heavily on proper classification of information, organizations should implement a data protection strategy that primarily targets sensitive documents and their handling. This is a progressive strategy; you can’t tackle everything at once. First, classify types of data according to the concise policies of your organization. Prioritize small modules and target key endpoints to give employees learning opportunities before wider deployment. Then set aside a review period to assess the initial results objectively.
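To make the classification step concrete, here is an added example (not from the original article or any DLP product) of a content-based classifier of the kind DLP tools rely on. The labels `restricted`, `confidential` and `internal`, the PHI keyword list and the sample documents are assumptions made up for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Assumed keyword list for health records; replace with terms from your own policy.
PHI_TERMS = ("diagnosis", "patient id", "medical record")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs (order numbers, IDs) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    """Return masked card numbers found in text (only the last four digits are kept)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def classify(text):
    """Assign the highest-sensitivity label whose detector fires (assumed label scheme)."""
    cards = find_cards(text)
    phi = [t for t in PHI_TERMS if t in text.lower()]
    label = "restricted" if cards else "confidential" if phi else "internal"
    return {"label": label, "cards": cards, "phi_terms": phi}

# Constructed sample documents; 4111 1111 1111 1111 is a well-known test card number.
SAMPLES = {
    "invoice": "Invoice 2291: charge card 4111 1111 1111 1111, exp 12/27.",
    "shipping": "Order 1234567890123456 shipped to warehouse 7.",
    "clinic": "Patient ID 88213, diagnosis: type 2 diabetes.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

The shipping document contains a 16-digit order number that fails the Luhn check, which shows why a checksum matters: pattern matching alone would flood reviewers with false positives.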
2. Monitor access and activity
The next step in preventing data leakage is to closely monitor traffic on all networks. The ability to automatically discover, map and track what is deployed across your entire business infrastructure provides a picture of your network in real-time.
Because the average hacker conducts reconnaissance within a network for six months before actually breaching a system, businesses need to identify anomalous behavior before a breach occurs. Monitoring tools supervise access and activity, notifying administrators of red flags when an employee downloads, copies or deletes information.
A Data Activity Monitoring (DAM) solution can provide another layer of protection by detecting unauthorized actions. While DLP focuses on the network and endpoints, DAM targets database activity. Using both solutions concurrently provides broader protection through layered monitoring and alerts, and through the ability to block suspicious users or activities remotely.
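The red-flag logic described in this section can be sketched as follows. This is an added example, not code from the article or from any monitoring product; the log format, the thresholds `FACTOR` and `MIN_EVENTS`, and the user names are assumptions. It flags any hour in which a user's download, copy or delete activity far exceeds that same user's activity in other hours.

```python
from collections import defaultdict
from statistics import median

WATCHED = {"download", "copy", "delete"}   # the actions the article names as red flags
FACTOR, MIN_EVENTS = 5, 10                 # assumed thresholds; tune per environment

def parse(line):
    """Parse 'TIMESTAMP key=value ...' into (hour_bucket, user, action)."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return ts[:13], fields["user"], fields["action"]   # ts[:13] is 'YYYY-MM-DDTHH'

def hourly_counts(lines):
    counts = defaultdict(lambda: defaultdict(int))     # user -> hour -> watched events
    for entry in lines:
        hour, user, action = parse(entry)
        if action in WATCHED:
            counts[user][hour] += 1
    return counts

def red_flags(lines):
    """Return (user, hour, count, baseline) for hours far above the user's own norm."""
    alerts = []
    for user, hours in hourly_counts(lines).items():
        for hour, n in sorted(hours.items()):
            others = [c for h, c in hours.items() if h != hour]
            # With no other hours to compare against, baseline is 0 and
            # MIN_EVENTS alone decides whether the burst is reported.
            baseline = median(others) if others else 0
            if n >= MIN_EVENTS and n > FACTOR * baseline:
                alerts.append((user, hour, n, baseline))
    return alerts

def event(hour, minute, user, action, obj):
    return f"2024-03-04T{hour:02d}:{minute:02d}:00Z user={user} action={action} object={obj}"

# Constructed sample audit log: routine daytime activity, then a late-night burst.
LOG = (
    [event(h, 5, "alice", "download", "/finance/q4.xlsx") for h in (9, 10, 11)]
    + [event(h, 20, "bob", "read", "/hr/handbook.pdf") for h in (9, 10)]
    + [event(h, 30, "bob", "copy", "/eng/spec.docx") for h in (9, 10)]
    + [event(23, m, "bob", "delete", f"/eng/design-{m}.dwg") for m in range(12)]
)

if __name__ == "__main__":
    for alert in red_flags(LOG):
        print("ALERT user=%s hour=%s events=%d baseline=%s" % alert)
```

Comparing each user against their own history, rather than a single global limit, keeps routine heavy users from drowning out the one account whose behavior has actually changed.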
3. Utilize encryption
If your business has not already done so, you should consider encrypting any private, confidential or sensitive information. While encryption is not impenetrable, it remains one of the best ways to keep data secure. A carefully implemented encryption and key management process renders stolen data unreadable and useless.
Enabling encryption across different points of your network—including data at rest and in transit—can provide significant protection from even the most advanced attacks. Businesses should enable a layered defense system through proactively monitored and managed encrypted networks.
4. Lock down the network
Being able to lock down your network needs to be a primary focus of prevention efforts. With the rise of mobile technology, data leakage is also experiencing an uptick. While many employees are aware of the steps that must be taken to safeguard sensitive data, some simply do not recognize their practices as unsafe. This can be mitigated with frequent tutorials and regular testing of good practices.
5. Endpoint security
Since data also leaves networks through exit points within IT infrastructure, businesses can more effectively manage data loss risk by choosing DLP solutions that monitor and act at these exit points. This allows IT staff to determine what confidential information is leaving, when it is leaving, and through what specific channel or device.
With the BYOD trend growing in businesses of all sizes, endpoint management needs to be an essential part of your company’s security. Securing BYOD has become much more difficult, due to both geography and the multitude of platforms that must be supported, but the placement of effective controls can enable companies to follow the movement of data.
Retaining central control with the ability to monitor personal devices connected to corporate networks allows holistic observations of your network. Without this endpoint protection, data breaches can go unrecognized for longer periods of time, exacerbating vulnerabilities.
Beyond the fundamental steps to secure data, such as network firewalls, intrusion prevention systems, secure Web gateways and endpoint protection tools, more effective threat response begins with advanced security monitoring, as previously mentioned. Employing effective security technologies, as well as implementing best practices, can go a long way in preventing data leakage.
A multi-step solution
The keys to preventing data leakage are manifold. Identifying critical data, monitoring access and activity with a combination of DLP or DAM solutions, utilizing encryption, retaining control of your network and using endpoint security measures all add up to a fine-tuned and customizable program to protect your entire organization.