As internet access has become easier and more widespread over the years, data breaches have become more frequent. Governments, private firms and individuals are all susceptible. Beyond the financial losses and the loss of privacy, a breach can be an outright nightmare for the people whose data is exposed.
What is a Data Breach?
A data breach is an incident in which sensitive, protected or confidential data is viewed, copied, transmitted or used by someone who is not authorized to do so. Most often it involves an attacker infiltrating a private database and then releasing or selling the data, but accidental exposure (for example, a misconfigured storage bucket left open to the internet) and misuse by insiders also count as breaches.
When a data breach occurs, personal information, intellectual property, financial data, company trade secrets, source code, client details and more can be compromised. In the 2016 Uber breach, for example, personal information belonging to some 57 million riders and drivers was stolen. In many countries, failing to adequately protect consumer data, or failing to report a breach within the required time, is itself a regulatory violation that can result in a fine.
Attackers exploit a variety of weaknesses to get into a database, including:
- Weak or reused passwords
- Human error and process failures
- Keyloggers that capture credentials
- Unpatched or end-of-life systems
- Malware, and other causes
It is therefore essential to keep your databases well secured and to take every reasonable precaution against data breaches. Below are some steps you can take to protect your data:
Carry out Regular Security Audits
For organizations, regular audits identify new gaps in compliance, governance and technical controls, and serve to validate the security posture. A security audit tests the organization’s security policies and its data-handling practices against the ways an attacker would try to get in.
These checks do more than keep your data safe: when something does go wrong, you have a tested recovery plan to fall back on. Some basic items to cover in a security audit include:
- The documented security policies of the organization
- Security management, escalation profiles, and tracking mechanisms in place
- Procedure documents and a handbook describing the steps to take in the event of a data breach
- Security mechanisms in use, e.g., next-gen firewalls, IDS/IPS, EPP, etc
- Available log monitoring and security setup
- Encryption and password policies
- The software update process; in 2017 the credit reporting company Equifax failed to patch a known Apache Struts vulnerability in one of its web applications, leading to a breach that compromised the personal details of about 143 million US consumers (a figure later revised to roughly 147 million)
- Data backup, disaster recovery, and business continuity plan procedures
- Facilities to test applications for security flaws, e.g., a staging environment where vulnerability scanning and penetration testing can be run without touching production
- Intervals at which the security audit logs are reviewed
- How data is handled, disposed of, or retrieved by the staff.
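Two of the checklist items above, the software update process and the review of security logs, can be partly automated. The script below is an added example written for this article, not code from the original page or from any of the companies mentioned. It assumes a small asset inventory and a few sshd-style auth log lines, all of which are constructed for illustration (hostnames, versions and the documentation IP ranges 203.0.113.0/24 and 198.51.100.0/24 are not real systems). The only real data are the Apache Struts patched versions, which are the fixed releases Apache published for the flaw behind the Equifax breach (advisory S2-045, CVE-2017-5638); they also show why a patch-level check has to be aware of release branches.

```python
"""Two automated audit checks (added example, not the article's own code):
a branch-aware patch-level check over an asset inventory and a failed-login
burst detector over auth log lines. Hosts, versions and log lines are
constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Check 1: software updates. Patched floors per release branch. The Struts
# floors are the fixed releases for S2-045 (CVE-2017-5638). A single global
# minimum would be wrong: 2.5.10 sorts above 2.3.32 yet is still vulnerable.
PATCHED_FLOORS = {
    "apache-struts": [("2.3", "2.3.32"), ("2.5", "2.5.10.1")],
}

# Constructed inventory; hostnames and versions are illustrative.
INVENTORY = [
    {"host": "web1", "package": "apache-struts", "version": "2.3.31"},
    {"host": "web2", "package": "apache-struts", "version": "2.5.10.1"},
    {"host": "web3", "package": "apache-struts", "version": "2.5.10"},
    {"host": "db1", "package": "postgresql", "version": "9.6.2"},
]


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_unpatched(package, version):
    """True if version is below its branch floor, False if at or above it,
    None if the package or branch has no recorded floor (needs manual review)."""
    floors = PATCHED_FLOORS.get(package)
    if floors is None:
        return None
    ver = parse_version(version)
    for branch, floor in floors:
        prefix = parse_version(branch)
        if ver[: len(prefix)] == prefix:
            return ver < parse_version(floor)
    return None


def audit_patch_levels(inventory):
    """Group hosts into unpatched / ok / review buckets."""
    findings = {"unpatched": [], "ok": [], "review": []}
    for item in inventory:
        verdict = is_unpatched(item["package"], item["version"])
        bucket = "review" if verdict is None else ("unpatched" if verdict else "ok")
        findings[bucket].append(item["host"])
    return findings


# Check 2: log review. Constructed sshd-style auth log lines.
AUTH_LOG = """\
Mar  3 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:08 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:12 web1 sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:15 web1 sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 51005 ssh2
Mar  3 10:31:40 web1 sshd[2300]: Failed password for alice from 198.51.100.20 port 40210 ssh2
Mar  3 10:31:55 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 40211 ssh2
Mar  3 13:02:10 web1 sshd[2410]: Failed password for alice from 198.51.100.20 port 40300 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: peak_failures} for sources with at least `threshold`
    failed logins inside any sliding window of length `window`."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        match = FAILED_RE.match(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year; strptime fills in 1900, which is
        # fine because only differences between timestamps are used.
        stamp = datetime.strptime(" ".join(match["ts"].split()), "%b %d %H:%M:%S")
        per_ip[match["ip"]].append(stamp)

    alerts = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1  # slide the window forward past old failures
            count = end - start + 1
            if count >= threshold:
                alerts[ip] = max(alerts.get(ip, 0), count)
    return alerts


if __name__ == "__main__":
    print(audit_patch_levels(INVENTORY))
    print(failed_login_bursts(AUTH_LOG))
```

On the constructed data the patch check reports web1 and web3 as unpatched, web2 as ok and db1 as needing manual review, and the log check flags 203.0.113.7 with six failures in fifteen seconds while ignoring alice’s two typos hours apart. In a real audit the inventory would come from a configuration-management or vulnerability-scanning tool and the floors from vendor advisories, and a detection like the second one is exactly what the "intervals at which audit logs are reviewed" item is asking about: if nobody looks at the output, the burst goes unnoticed.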
Train Staff On Security Awareness
Cybercriminals know that human error is inevitable and take advantage of it. One way to reduce human error to a minimum is to train staff to recognize the warning signs that precede a data breach. Staff should also be familiar with the organization’s security policies. Some training points to cover include:
- During such training, staff should be educated on how to identify fraudulent emails that can endanger the organization’s entire business network.
- They should also be educated on how to safely navigate the internet and make use of unique passwords on computers and devices used within the workspace.
- Also, staff should be trained in reporting suspicious activities that can amount to a breach and leakage of data.
- Staff should also understand why the organization segments its network, i.e., keeps basic information separate from more sensitive data, and why they must not move data across those boundaries. In the 2014 eBay breach, for example, customer records were stored separately from financial data, and the attackers did not reach the payment details held by PayPal, then an eBay subsidiary.
Though it may seem like a tedious task, training is an important security measure. An organization that trains its staff thoroughly gains a workforce that adds a layer of protection in a threat-prone landscape.
Comply with Data Protection Regulations
Complying with government cybersecurity regulations is key to keeping an organization accountable for how private data is managed. When there is a prioritization of protecting sensitive content, then the chances of countering data breaches are higher.
Consumer privacy laws and detailed security regulations are becoming more common worldwide. Some are general data-protection laws, such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). Others are industry-specific, e.g., the Payment Card Industry Data Security Standard (PCI DSS), which is a contractual standard set by the card brands rather than a law, or the Health Insurance Portability and Accountability Act (HIPAA) for health data in the United States.
These regulations cover areas such as:
- Who may handle sensitive personal data such as credit card numbers, and how that data must be protected when it is stored and transmitted
- Who gets access to see and use protected health information such as a patient’s name or Social Security number
- The time frame within which an organization is obligated to inform customers and the government about sensitive data that has been leaked
- Fines to be paid by an organization that fails to comply with the regulations. In 2019 the UK Information Commissioner’s Office announced its intention to fine British Airways £183 million (about $230 million) under the GDPR for inadequate security following a 2018 breach, at the time the largest GDPR penalty proposed for a data breach; the final fine, issued in 2020, was reduced to £20 million.
Cybercrime is not going away anytime soon, but it is important not to become desensitized to data breaches and information leakage. It is far more beneficial to take active steps to secure your data, especially the sensitive kinds. Even though no set of measures makes you foolproof against a breach, we all need to start somewhere.