Data leaks and data breaches can cause serious damage to an organization. According to , a company known for its security products and analysis, the average cost of a breach is $3.86 million, a figure that can jump higher for larger companies. Organizations damaged by a cyberattack likely will be on the hook for paying back any customers, paying off any fines, and improving their security system.
Then there is the damage to their reputation that may take years to rebuild. This article will show you how to put a sensible strategy together to reduce your vulnerabilities to data breaches.
have learned lessons from large-scale breaches and taken steps to improve overall defenses. Unfortunately, this does not necessarily stop another closely connected security threat called data leaking. A simple definition of is the unauthorized transmission of data from an organization to an external destination or recipient.
Data Breaches and Consequences
In most traditional breach situations, a hacker or group of hackers try to find weak points to access a network. Sometimes it can be a firewall, but it also can be finding a way to gain legitimate access and credentials to gain entry. For instance, in the , attackers first illegally accessed the network of the company’s HVAC contractor and then moved easily into Target’s network.
In a data leak situation, “” can be found when information is transmitted from one source to another over a poorly designed or unsecured system. An easy example is an employee emailing sensitive information, such as passwords, credit card information, or other vital data of the company from their email, and or accessing public Wi-Fi at a coffee shop and sharing the company’s info.
These situations make it easy for unauthorized people to either grab the data or find a weak point for future breach opportunities.
Data leaks are not always done on purpose – sometimes, it is just the configuration of a site that neglected some critical security features or a new employee who doesn’t know much about security threats. Or, in some cases, leaks can be created and exploited , such as a developer who creates opportunities for unauthorized access to the company servers.
These are becoming more common, especially as more people have begun working remotely, often using their personal computers to access company networks.
What to do against a Data Breach?
What should responsive companies do to become more vigilant about possible leaks to reduce more significant threats? There are quite a few options.
1. Emphasize education and training.
Employees can easily be a weak point, so and reinforcement are vital. They have to be taught or reminded of the risk of sharing data like account numbers or passwords over unsecured systems. In addition, learning how to determine if an email or site looks suspicious or not plugging in unknown thumb drives can be another way of defense against the threat.
2. Offer VPN service.
A as a Virtual Private Network that can allow employees to connect to an encrypted network that connects with their primary network. It provides privacy and anonymity when they access public servers and also allows them to connect to their “work” computers from anywhere. It is the perfect combination, especially for a workplace that encourages employees to work remotely or at least from home.
3. Make an inventory of “smart” products in your workplace.
It is easy to think in terms of intruders only being able to access computers or mobile phones. However, many modern offices now have interconnected products that can store data or be . These can include printers, cameras, USB drives, or security cameras. Any of these can be potentially hacked into.
4. Look closely at your APIs.
(Application Programming Interface) is an interface that defines interactions between multiple software applications or mixed hardware-software intermediaries. Even though API provides conveniences for users, in terms of , an API endpoint is similar to any internet-facing web server; the more free and open access the public has to a resource, the greater the potential threat from malicious actors.
For instance, , the high-end fitness provider, recently found itself in hot water. Not only are its products like treadmills and bikes causing physical damage to children and pets, but it also made user data easy to grab. The intentions were good – the devices are supposed to upload regular performance data to a central server. But people nearby them could also access device info.
5. Keep vital data offline.
have created separate networks for sensitive data or even put especially prized info like source code in an unconnected terminal. Such initiatives are helpful to lower the risk of anyone accessing important information through the leading employee/public network. It reduces the risk of hackers being able to find much if they access the main network.
Alerts can also be placed on the secondary network, so anyone who accesses it will be flagged, even if they appear to be using the credentials of authorized employees.
Overall, companies that are serious about cyber defense must always be alert for external threats and beware of possible internal vulnerabilities.
Being constantly focused on security is vital to a modern organization. Past excuses to avoid learning more about security, like “hackers only go after the bigger companies” or “we’ll send out a memo about this topic,” are not good enough.
Increased awareness of internal and external threats should be thought of as a top-down and bottom-up approach, where everyone in the company can have a role in creating a system that avoids leaking.