Story image

Digital patch kit: How to protect yourself from data leaks

06 Jul 16

Data leaks, as we will explore in an upcoming feature, can emerge in numerous ways. Knowing where your weak spots are as organisation is, of course, important, but equally important is ensuring that you actively do everything you can to stay secure and protected.

In this piece we look at four key approaches that will plug any gaping holes in your defences.

1. Boosting security awareness 

It is often argued that a good security strategy has to start with people. After all, human error is the most common cause of data breaches, and security solutions can only go so far. Getting security right is as much a cultural challenge as a technical one. 

Indicative of how much work is needed, you only need to go back to 2012 to see how unprepared businesses are when it comes to raising awareness. According to an ESET study at the time a massive 68% of respondents said they had received no training whatsoever.

Things have gotten better, but there is still a lot to do. Today, smart organisations need to ensure that their cyber security efforts revolve largely around strong – and thought-provoking – company-wide training programmes. This means involving everyone from the CEO to the cleaner, teaching them about phishing, malware and more in interactive sessions that will leave a mark.

It’s important that security awareness is much more than just paper-based assessments or weekly email updates. It needs to be engaging, relevant and above all, interesting. Oh, and it has to be regular – cyber crime is always evolving.

End user security awareness training is a huge benefit, especially when it changes the culture of the company by making it more security minded. Training employees helps eliminate mistakes that could lead to a breach, as well as making them more informed (better able to notice odd behaviour by malicious insiders or fraudsters, for example).

2. Encrypt data and devices

Encryption is one of the most topical subjects in the world today. While it can certainly trigger many heated debates – it divides governments and tech organisations, for example – most people are of the opinion that it is a positive asset for organisations. As ESET’s Stephen Cobb noted in 2014 “there are a million reasons to encrypt sensitive data”.

Why is it so effective? Well, encryption makes (almost) certain that data is protected at all times, both at rest and in transit. Encrypting your data and device helps reduce the chance of cyber criminals intercepting the data in a man-in-the-middle attack, or of data being accessed by other unauthorised parties.

Organisations should, without hesitation, look to encrypt all sensitive information and devices. A good encryption policy that you can enforce on employee devices is also key. This is essential to helping reduce the likelihood of a possible data leak, which can, in turn, have huge repercussions on businesses. 

3. Manage your data effectively

Businesses should keep a close eye on what information is being shared with partners, suppliers and customers, and also what their employees are doing on the network. After all, since many companies have a multitude of endpoints, it is vital to monitor the traffic on all networks.

As ESET’s Cameron Camp recently explained: “If you don’t know where your information is, you may not have much luck protecting it legally, or really knowing how that might happen across different overseas jurisdictions if you run into trouble.”

Experts also suggest employing database monitoring tools, which enable businesses to supervise database access and activity. Such software scrutinises and notifies administrators of any unusual activity, including when an employee downloads, copies, deletes or modifies any sensitive information.

Behaviour monitoring is essential, which, along with a data loss prevention solution, should be used to set rules and boundaries. And, given the increasing number of drive-by download attacks on malicious or compromised websites, limiting employee (mis)behaviour should not be underestimated.

Essentially, you need to keep a close eye on what’s happening in your environment, and this requires good data logging and skilled staff to look out for anything odd or suspicious.

4. Protect the endpoint

In today’s technological age of bring your own device (BYOD), where more employees increasingly use personal mobile devices for work purposes, endpoint management is an essential part of company security – something that many chief information officers consider to be their main focus. 

Businesses should still have the ability for central control and monitoring of personal devices connected to corporate networks, even if it means remote wiping the devices if they are lost or stolen. This will require some communication with employees, so a BYOD policy is recommended so that both employees and employers know how devices will be managed and protected.

Endpoint security should include remote wiping, on-disk encryption and endpoint backup – after all, the data must be backed-up somewhere in the event it is lost, stolen or maliciously encrypted.

Article by an editor for we live security.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.