How To Prevent Data Breaches: 15 Best Practices

Businesses across all industries continue to be plagued by data breaches. A December 2020 Security Magazine article revealed that 36 billion records were exposed during 2020’s first three quarters. This was a result of 2,935 data breaches. Data breaches are an everyday reality in a connected business world. Organizational leaders know this. These 15 best practices can be used to reduce the likelihood of a data breach and help you respond more quickly to an attack.

1. Sensitive data about identity collected, stored, transmitted, or processed

You must know what sensitive information you have collected, stored, transmitted, or processed before you can prevent data breaches. Cybercriminals are looking for non-public personal data (NPI) or personally identifiable information (PII), as they can sell it on Dark Web. Cybercriminals also target intellectual property such as trade secrets and patent documents.

Although they are often interchangeable, NPII and PII can overlap in certain categories. They also refer to other non-overlapping data types.

The NPI includes:

• Name
• Address
• Income
• Social Security Number
• Driver’s license number
• Account numbers
• Payment History
• Education data is covered under the Family and Educational Rights and Privacy Acts (FERPA).
• Combinations of anonymized data from the above list can be used to draw inferences

In other words, a lot of the information an organization collects must be protected or at least disaggregated.

2. Identify sensitive data storage, transmission, collection, and processing areas

Security experts argue that it is impossible to secure data you don’t already know. Any data security strategy must include information about where sensitive data is stored, transmitted, collected, or processed. You might consider an asset detection technology to help you identify and catalog your assets.

• On-Premises Servers
• Virtual Machines (VMs)
• Hosts
• Agents
• Workloads
• Examples
• Networks
• Applications
• Identity and Access Management Platforms
• Download forms for corporate websites

Your digital footprint will grow and you will need to add more locations that store, transmit or process data. You should monitor your assets continuously to prevent or minimize the risk of data breaches.

Also read: 10 Ways of Encryption Key Management and Data Security

3. Identify people who have access to sensitive data

While it may seem simple to identify users, companies often struggle with this because “users,” which can include multiple identities, are not easy to identify. When you are creating your data breach prevention strategies, think of the following “users”:

• Standard Users
• Application Programming Interfaces, (APIs),
• Robotic Processing Automation (RPAs/bots).
• SSL/TLS Certificates
• SSH Keys
• Microservices/Containers

Each of these machine and human identities act as an access point in your ecosystem, which makes it a potential data security breach.

4. Identify devices that store or transmit sensitive data

Management of all devices that can interact with sensitive information is one of the greatest challenges organizations face. You should ensure that all devices are captured as part of asset detection.

• Workstations
• Smartphones
• Laptops
• Tablets
• Telephones
• Printers
• Modems/Gateways

Every device connects with your network via a communication port. To gain access to your network, cybercriminals search for dangerous ports. Therefore, you must know which ports your devices use to protect them.

5. Assess the risk

Assess the risk poses to every person, device, or location that stores, transmits, and collects sensitive data. This may seem simple at first, but many organizations find it difficult because you create more risks by adding devices and locations to your ecosystem.

A standard user might only have access to one application on-premise that does not contain sensitive data, but this could be considered low risk. A high-risk user is a privileged user who has elevated access to a cloud database storing PII and connects from home using a personal device. To have a better overview of your privileged users, you should definitely implement a PAM solution.

It is more difficult to assess risk if there are more devices and identities that store, transmit, transfer, or process sensitive data.

6. Analyze risk

While analyzing and assessing the risk may seem like one thing, they are two distinct processes that provide different information.

Risk analysis is a way to identify the risks in your organization. A risk analysis is a process that takes each risk assessment measure and adds the potential impact of a data breach.

Organizations use a mix of quantitative and qualitative approaches. One qualitative approach could consider the productivity impact of a data breach, while a quantitative approach would look at the financial costs of a data breach.

Organizations often use a risk evaluation equation that looks like this: Risk = Criticality (probability or severity of data breach x vulnerability score x impact

7. Determine risk tolerance

Your risk tolerance is the whole point of risk analysis and risk assessment. Risk tolerance is basically a cost-benefit analysis. It compares the importance of technology to your business goals with the potential impact that a data breach could have on them.

You can choose from four options when deciding your risk tolerance:

• Accept: You may accept a risk even if it has a low business impact.
• Refuse to Accept: Risks may be rejected if they have a significant potential for impact, even if you could transfer them or reduce them.
• Transfer: You can have someone else take on the risk, at a reasonable price, such as with Cyber Insurance.

8. Controls

You must establish controls to reduce any potential risks. These controls demonstrate that you are aware of how a cybercriminal could gain unauthorized access to sensitive data and that you have options to minimize that possibility.

Some security measures include:

• Firewalls
• Encryption
• Management of Access and Identity
• Monitoring Vulnerability
• Installing Security Patch Latest

9. Initiate an IT security policy

A cybersecurity policy describes the written documents that include your risk analysis and tolerance. It documents the procedures and processes that are in place to mitigate data breach risks.

At a minimum, every IT security policy should include:

• Objectives: What the policy aims to achieve
• Scope: What data, systems, and networks is the policy cover?
• Specific goals: Compliance requirements and controls according to industry and regulatory standards
• Responsibilities: Who is responsible for the day-to-day activities?

Also read: Managed Detection and Response (MDR): Overview and Importance

10. Establish a privacy policy

Privacy and security go hand in hand, but they have their differences. Security policies are designed to prevent unauthorized access from outside to sensitive data. Privacy policies can also be used to prevent unauthorized access from the outside.

These are some of the most important things that a privacy policy should contain:

• Definition of sensitive data
• Data collection
• Data Use
• Data sharing
• Log Data Management
• Data Protection and Security

11. Anti-virus software should be installed

Ransomware attacks are still being carried out by cybercriminals. Research starting in 2020 revealed an increase of 715% in ransomware attacks that were detected and blocked year over year. Ransomware is not all malware. Cybercriminals often include malicious code in cyber engineering attacks to steal login credentials. Once they have the credentials stolen, they can gain access to networks, software, and systems where they can continue to increase privileges unnoticed.

Installing an antivirus solution is one way to reduce the dangers posed by malware. Also, it’s important to keep your antivirus software up-to-date. Anti-virus software providers often update the malware signatures and use advanced analytics to predict new ones. Anti-virus software detects malicious websites and files, quarantines them, and protects them.

Also read: Top 11 Enterprise Password Management Solutions

12. A data governance policy should be established

Data governance is an offshoot IAM that has distinct functions. Your data governance policy defines the processes and procedures that will ensure the safe handling and protection of your data.

It should at a minimum include procedures and processes for ensuring data.

• Qualitative
• Access
• Security
• Privacy
• Use

Also, you should think about assigning responsible persons to enforce these policies.

13. Initiate a vendor risk management program and policy

In today’s hyper-connected environment, third- and fourth-party business associates are vital to your business operations. Your vendors can enable digital transformation, but they also pose new risks due to the lack of visibility into their security status.

You need to protect yourself against data breaches by creating a vendor-risk management program and policy that address the following:

• Compliance
• Cybersecurity
• Privacy
• Reputation
• Legal
• Financial

14. Initiate a program of employee training

Training employees in cybersecurity awareness is essential to guard against social engineering attacks. You must provide training and assess user knowledge to prevent data breaches.

Cybercriminals often engage in social engineering attacks to obtain otherwise-unauthorized access to systems, applications, and networks. Include the following information in your training materials:

• Phishing, vishing, and smishing are all possible.
• Strong password creation
• Recognizing and avoiding malicious websites
• Problems with unsafe media like USB drives

15. Data backup and recovery

Backup and recovery is not always preventative measure. However, it can mitigate many of the productivity and data loss risks that are associated with ransomware attacks.

Include your business continuity and disaster recovery plans as a backup and recovery plan. It is important to have at least three backups on different media, with at least one off-site.

Bonus

16. Establish a strong password policy

It is possible to incorporate more web-based applications in business processes by moving to a cloud-first IT stack or a cloud-only IT stack. You need to establish a strong password policy in order to prevent attempted cybersecurity attacks like dictionary attacks.

These best practices should be used when creating your password policy.

• More than 10 characters
• Minimum one upper-case letter
• Minimum one number
• Minimum one unique character

It may be worth giving your employees a password management account to increase their chances of creating unique passwords.