How to Prevent a Data Breach

You’ve probably heard the phrase “the best defense is a strong offense”. That’s definitely true in the case of data breaches. Experiencing a data breach is expensive, both in terms of the amount of money it takes to restore your systems, and to your company’s reputation. It’s far less expensive to prevent an attack than to deal with one after it’s happened.

According to a recent report from Ponemon Institute, the average cost of a data breach has risen since 2017 to an average of $3.86 million. That cost includes both the amount of resources used for data breach resolution and the cost of lost opportunity and reputation.

Effective ways of preventing data breaches

Hire an internal and/or external cyber security specialist: A report from McAfee found that 82 percent of companies across many countries report a shortage of cyber security skills, and one in three said this skill shortage makes their organization a more desirable hacking target. Particularly scarce skills include intrusion detection, secure software development, and attack mitigation. However, things are looking up; a report from Raytheon notes that more than one in four millennials say they are more likely than a year ago to choose a career that helps make the Internet safer.

A report from ISC2 backs this up, noting that efforts like the Cyber security Workforce Alliance and a handful of public-private partnerships are working to meet cyber security needs. The bottom line is this: While it might be challenging to find the right person, you can’t afford not to keep an in-house and/or outsourced security expert on call when it comes to securing your firm and your data.

Use antivirus and firewall protection: We assume you’ve taken care of installing antivirus software on all of your computers and a firewall on your Internet connection. If not, the time is now. All computers must run antivirus software. This is a fundamental security step that can save you from a lot of trouble. There is a sea of malicious programs crawling the web. A recent Ponemon report found that endpoint-focused attacks are increasing in frequency. It found that more than 60 percent of respondents had experienced an attack in 2018.

Separate your business and personal accounts: Keeping your professional and personal accounts separate minimizes the risk of an attack. Apart from the benefits of a better work-life balance, doing so makes it harder for hackers to capture all of your information in one swoop if anything ever goes wrong.

Set up and use security alerts: Find out right away when issues occur that can impact your business by setting up Google alerts for keywords and phrases like “data breach” or “security loophole”. If your business is in the U.S. or UK, you have some additional options. The U.S. provides threat alerts if you’re signed up with the United States Computer Emergency Readiness Team (US-CERT). In the UK, you can rely on the National Cyber Security Centre for advice and alerts.

Empower your employees: Security starts with people. After all, it’s your employees and contractors who will end up clicking on the links in the phishing or ransomware email—so empower them. They should know how to spot and stop cyber attacks quickly and easily. The best way to educate them is by conducting cyber security awareness and preparedness training for your contractors and employees.

There are other ways to involve your employees in your organization’s security, such as:

  • Have written employee security guidelines.
  • Use a service like PhishingBox or BetterCloud to send your employees simulated phishing emails and test their reactions to phishing scams. You can also use free tools like MSI Simple Phish to run phishing tests inside your organization.
  • Use appropriate security software for all employees. Consult with security experts to ensure that all employees are covered.
  • Educate employees about device security.
  • Teach employees about password security and password best practices, such as how to create unique, strong passwords, what makes a strong password, and the importance of frequently changing passwords.

Invest in password management security: Standard password management best practices, like those recommended by the University of Illinois, are important. These include:

  • Develop long passwords. Make them at least eight characters long.
  • Make them meaningless. Words you can read are not passwords, so don’t use dictionary words.
  • Mix both upper and lower case letters.
  • Use !@#$%^&*. Incorporate symbols, numbers and special characters.
  • Make them non-existent. Don’t ever write your passwords down, and don’t write the answers to your secret questions anywhere, either.
  • Only use them once. Don’t use a password more than one time.

However, if you’re going to create strong, unique passwords all the time, then you’ll need a reliable password management tool. Make it a company-wide policy to use password management tools to minimize the chances of a data breach.
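The checklist above can be enforced automatically when a user picks a new password. The following checker, added here as an illustration rather than code from the original article, encodes each rule in the list (minimum length, no dictionary words, mixed case, symbols and numbers, no reuse); the small word list and the sample passwords are constructed for the example.

```python
import string
from typing import Iterable, List

# Constructed sample word list for the "no dictionary words" rule.
# A real deployment would load a full word list (an assumption, not from the article).
DICTIONARY_WORDS = {"password", "welcome", "summer", "company", "letmein"}


def check_password(candidate: str, previously_used: Iterable[str] = ()) -> List[str]:
    """Return the checklist rules the candidate fails; an empty list means it passes."""
    failures = []

    # Rule: at least eight characters long.
    if len(candidate) < 8:
        failures.append("too short: at least eight characters")

    # Rule: no readable dictionary words (checked case-insensitively as substrings).
    lowered = candidate.lower()
    if any(word in lowered for word in DICTIONARY_WORDS):
        failures.append("contains a dictionary word")

    # Rule: mix upper and lower case letters.
    if not (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)):
        failures.append("missing mixed upper and lower case")

    # Rule: include numbers and symbols / special characters.
    if not any(c.isdigit() for c in candidate):
        failures.append("missing a number")
    if not any(c in string.punctuation for c in candidate):
        failures.append("missing a symbol or special character")

    # Rule: only use a password once (compare against the user's previous passwords).
    if candidate in set(previously_used):
        failures.append("already used: passwords must be unique")

    return failures


if __name__ == "__main__":
    # Constructed examples: one reused password, one built around a dictionary word.
    for pw, history in (("Tr0ub4dor&3", {"Tr0ub4dor&3"}), ("Summer2019!", set())):
        print(pw, "->", check_password(pw, history) or "OK")
```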

Set up a telecommuting data access policy: Put a policy in place that deals with how employees can access data when working from home. But don’t assume that everyone will read and adhere to the policy. Once you put it in place, it’s important to get the word out, because losses aren’t caused only by cyber criminals—they also occur when employee actions unintentionally put corporate data at risk. One recent report found that 84 percent of executives consider negligent employees one of the biggest cyber security risks.

Hack-proof your WiFi: Take proactive measures to secure both office and home WiFi, such as changing your admin credentials, using a firewall, keeping your firmware updated, and using network encryption. Simple actions like placing your WiFi router centrally in the building, so that less of its signal reaches outside your walls, can also help improve your security.

Ensure secure vendor platforms: Work with vendors to ensure that any apps, software services and websites your employees use are secure. At the very least, make sure all websites your employees use in the course of business start with HTTPS, have a website privacy policy, and post an icon with the words “Secure” or “Verified”.

Finally, have a response plan: If you’re waiting until disaster strikes to put together a response plan, you won’t survive the hit. It’s critical to plan ahead. That’s another blog in itself, but you can learn the basics.

Security threats are changing every day, and the world isn’t getting any safer. Take these steps seriously, and revisit them often. Good security practices are table stakes today. So get the right tools, policies and people in place, today.
