March 25, 2015
Data breaches made the headlines in 2014 with attacks on major studios, retailers and government sites. Not surprisingly 2014 was labeled as the “Year of the Breach.”
But what about 2015?
According to a recent Forbes article, the title “If 2014 Was The Year Of The Data Breach, Brace For More” may portend what’s in store for this year.
Defining the Data Breaches
An industry definition of data breaches is “a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”
This can include financial information such as credit card or bank details, personal health information, personal identifiable information, corporate trade secrets, and intellectual property.
Basically, it’s any sensitive information an enterprise must protect from cyber criminals.
Be Proactive with Your Protection
It’s not a case for enterprises to be paranoid but a little proactive planning can help assuage any future (and unfortunately inevitable) data breaches.
What follows are few measures enterprises can take to keep their data protected – and what to do when breaches happen.
1. Educate Company-Wide
Data protection is not just an IT department concern but a company-wide issue.
All these are just top-level examples but are definite paths for more discussion (and action!) within an enterprise. Safe guarding a company’s data should be exemplified from top executives to entry-level team members to even interns.
Educating the company of the best practices from treating sensitive data with the upmost security and care to creating secure passwords to even not downloading suspicious unsolicited email attachments are just a few examples.
2. Setting up the Defenses: Technology
Even if you have a talented and dedicated IT staff, you may need to partner with a security and data intelligence partner to augment your data breach protection. Sure, some out of the box solutions may suffice for the average consumer but not for a $100m enterprise.
Consider teaming up with a technology partner who can customize your security plan. They’re the experts in the field and potentially create a solution that fits your enterprise’s needs – and budget.
3. Plan and Processes
Does your enterprise have a Security Event Process or Incident Response Plan?
After setting up your data security measures, processes that analyze and identify potential events, and a response plan must be developed, shared and tested.
A Security Event Process monitors events that are collected from the IT infrastructure and applications in a client’s environement, providing collection, detection and alerting to clients on security incidents, violations or potential threats.
Incident Response (IR) is similar to DR but mainly focuses on how to respond to an incident i.e. “human-created attack such as malware”.
Both are crucial processes and plans for an enterprise to have in their data security arsenal. As we mentioned above, it’s not about being overly paranoid but proactive in your defense.
Interested in learning more about Incident Response? Be sure to read “When Defenses Fail: The Case for Incident Response Partners” on the Forbes/Symantec BrandVoice blog.
4. External Assessment
With all the planning, firewalls, company-wide education, there are probably a few vulnerable points in your data defense. While enterprises are urged to continuously review their security and response plans, an assessment from a third-party should be considered.
As we mentioned early, security intelligence and data solutions companies can bring a higher level of assessment for enterprise. Companies like Dewpoint can help review your current state and map out the best path for a more secure, strategic data protection and archive solution.
Overall, enterprises must take proactive steps in protecting their sensitive data breaches. As cybercriminals use more sophisticated ways to attack, the risk of data breaches increases. And we all know the financial damage they can cause.
Does your organization’s security comply with industry standards? Dewpoint can assist in assessing where an organization’s overall security posture is through a security assessment. The first consultation is free! Click the button below to learn more.
