Dec 2018
Best Practices to Prevent a Data Breach
Data security threats are present at numerous levels. Whether a breach is due to a remote hacking or the setup of spy bugs, you must take steps on multiple fronts to ensure that your private data never falls into the wrong hands. The following article covers the most effective ways to prevent the breach of data.
How to Prevent Data Breaches and Information Leaks
To eliminate the possibility of a data breach, you need to secure your private system data from leaks and outside intrusions. This requires ongoing training and updates to system software and security protocols. Moreover, you must consider the threat of inside leaks and take preventative steps against such possibilities. To that end, you will need a security arsenal to monitor activity within your company and detect the presence of possible bugs.
How Does Leaked Information Happen?
Corporate information leaks occur when data is put in a vulnerable place. In some cases, the data is accessed by a system intruder or hacker. In other cases, the info leaks due to some oversight on the part of a company employee. There have also been situations where the leak is deliberately enacted by a rogue insider. The most common causes are as follows:
1. Documents Change Hands
When classified information slips into the wrong hands, the data is often obtained in a format that can easily be stolen. This makes it risky for companies to print critical private data on physical documents. If a rogue insider or interloper knows what those documents contain and how that information could be used against your company, the fact that the information is printed out would make things all the more easy for that individual.
2. Accounts Are Hacked
Hackers are constantly on the move to find new weaknesses within system programs. As software programs are updated with new security patches, hackers up their game to discover the next hole to exploit. The companies that are most vulnerable are those that fail to update their systems on a periodic basis with the latest security patches. If your company has used the same network for a few years or more with no security updates, all of your private data could be at risk.
3. Recordings Are Leaked
Today, recordings of private meetings and business transactions are easier to procure and obtain than ever. A person could activate the record function on a mobile device from within his or her pocket and have a private conversation captured in digital form. The individual might then leak the recording, possibly by accident. For example, a recording could be uploaded to a computer with intent to store on a private cloud server. With one wrong push of a button, the recording might suddenly be emailed to hundreds of people.
LEARN MORE ABOUT OUR TSCM & BUG-SWEEPING SERVICES
4. Disks Are Stolen
A disk can be as dangerous as paper when it comes to data theft simply because it can be stolen by anyone who knows the content and its value. If a removable disk with user lists and customer info is set aside for even a moment, a company could suddenly find itself facing a considerable system breach.
Threats to Data Security
To prevent security breaches, it is critical to make sound use of the latest technology. If critical data is stored in any format that could be stolen or exchanged, there lies a potential threat to data security. Likewise, if critical data is shared across a network that could possibly be hacked by an outsider, that data could be at risk. The following media pose the biggest threats to data security:
1. Paper Documents
One of the biggest threats to data security is the printed document. While companies are most wary of digital data leaks, paper documents pose a serious threat simply because they are hard to trace. A rogue insider can print out confidential data and slip it to a third party, all without detection.
2. Computers
Desktop computers have been the source of countless data leaks. Anyone on any computer connected to a company network can receive, retrieve and download sensitive documents — and then can leak them to a third party. An employee might also save the information on removable media, such as a thumb drive.
3. Internet
Online programs and portals are a frequent source of data leaks. If your company uses an online communications portal, the accounts of users could easily be hacked if simple passwords are allowed. The most vulnerable passwords typically consist of simple combinations of letters and numbers, such as ABC123. It is said that hacker style algorithms can hack passwords of 26 characters or less in a short amount of time.
4. Email
One mistake that employees often make is to send personal emails from company computers. While it is often assumed that personal email accounts are more secure than company ones, cyber spies will sometimes observe this behavior to take advantage of employee trust. For example, if an employee has engaged in online auctions and related transitions, a spy might send malware email with a misleading header, such as “gold coins cheap,” that the employee is likely to open.
5. Smartphones and Laptops
Though not as common as desktop computers and paper documents, smartphones and laptops have been the source for data leaks, often times involving rogue insiders. In a private meeting, for example, an employee could use a concealed smartphone to record a meeting and then leak all the secrets discussed among those in attendance.
6. Removable Media
Information can easily be leaked on thumb drives, zip disks and external hard drives. A rogue insider, for example, could copy information onto a thumb drive and hand it to a third party, yet claim the drive was simply lost or stolen. An employee could also copy private data onto a removable drive and take it home to complete some work on a non-secure PC, unwittingly rendering the data vulnerable in the process.
Corporate Eavesdropping and Competitive Intelligence
To stay on top within an industry, it is crucial to gather and examine info about products, customers and possible competitors, as well as pertinent environmental factors that could impact the market in question. Of course, you also need to keep activities within your company under counter-surveillance to ensure that none of the following situations emerge through the misuse of competitive intelligence:
1. Loss of Customers
One telltale sign of a data leak is when a company loses customers. If you suddenly notice a downward trend in subscriptions, renewals and purchases, there could be a leak of your contact lists. This would be especially likely if market indicators would otherwise point to an upward trend. Your product or service is popular, and the market is ripe, and yet you are still losing customers. Consider the possibility that someone in your company is purposely sending customers elsewhere.
2. Changes in Employee Behavior
When an employee of your company starts to change their behavior and becomes less transparent and personable, chances are that they have undergone a change in life. If the individual has seemed less energized for the job and less enthusiastic about the company, perhaps an opportunity has arisen elsewhere.
A red flag of an employee gone rogue is when they become careless about standard security measures. Perhaps the individual has had a sudden change of fortune, in which case you might wonder why the person has not put in their notice. Consider that the person has only stayed on board to have ongoing access to your customer lists.
3. The Emergence of New Competition
Some of the fastest rising competitors are the ones that steal thunder from a nearby rival. If a large number of your customer base abandons you for an upstart service, it could very well be the case that the competitor is someone with inside ties to your company.
In some cases, there will be cooperation between several employees to route customer traffic over to a start-up company. These employees would know all the terms and rates of your business. Armed with that information, they would be able to devise a low introductory offer to get your customers switched to their service.
Preventing Corporate Data Leaks
The best practices to prevent data breaches are generally enacted by companies that make it difficult, if not impossible, for employees to go rogue and misuse company data. With the following policies and practices, you are far less likely to ever have an employee leak or sell private data or use such information to jumpstart a competing brand.
1. Employment Contract
One of the most compelling ways to prevent data leaks is to make it clear in writing that any intentional breach of data could result in legal action against the rogue employee. The contract should stipulate that the employer will monitor the information on the employee’s computer and reserve the right to claim damages in the event of a leak. An employee is less likely to engage in rogue activity if they know doing so could result in steep fines and possible jail time.
2. High Salaries
One of the most significant incentives for loyal, honest, hard work is a high salary. When you pay your employees well, they will be likelier to stay with your company and remain true to the values and vision of your company name. To that end, they will be more inclined to protect the integrity of your company and do everything in their ability to safeguard private data.
3. Training and Testing
Employees need to be trained and retrained on how to handle data security threats and prevent leaks of sensitive information. To ensure that your employees can and will take the proper courses of action in light of a perceived threat, they should be subjected to random testing from time to time in the form of “suspicious” viral emails and inquiring phone calls. This way, you can see how your employees react and whether they sense something wrong and report the matter, or if they fall for the bait and fail to handle it properly.
Technical Surveillance Counter-Measures
Data leaks occur on numerous fronts, and it is critical to establish security protocols for each medium on which data is stored and transferred. To protect your company against a breach, you must establish a policy for critical data. It is also essential to maintain a monitored network and to have all documents encrypted. Here are some of the top technical surveillance counter-measures (TSCM) your company can take:
1. Identify Critical Data
It is crucial to establish a data hierarchy to prevent corporate information leaks. Data filed in the most critical category should receive maximum protection. In the healthcare industry, for example, protected health information would fall under this critical category. Financial statements and strategy checks would also be included in this critical category.
The implementation of a data protection system is a progressive process. For a security system to stay current, company personnel must be retrained on an ongoing basis as security protocols are updated in advance of newer threats and system patches.
2. Monitor Access and Activity
Once you have an established set of privacy categories, you must ensure that policies are followed at all levels within your company. As part of your effort toward preventing security breaches, use technology to monitor network traffic across your company’s computer system. This way, everything deployed across the network can be traced, and irregularities can be caught in real time.
When corporate information leaks occur, it will often be the result of a hack that the perpetrator premeditated up to six months in advance. When network traffic is monitored in real time, rogue behavior can often be detected before an actual breach occurs.
3. Use Encryption
A data security expert will stress the importance of encryption, which most people understand as the layer of protection that makes it safe to transmit data via online networks. When encrypted, data is encoded so it can only be accessed by authorized personnel. Today, encryption is being taken to a new level to protect documents in transit.
When private documents are encrypted, they cannot be read by unauthorized personnel. If a thumb drive is stolen or an email is leaked, the encrypted documents or attachments cannot be read by anyone without the access codes. When you encrypt all of your critical company documents, it will render them virtually impossible to steal.
4. Network Lockdown
Wi-Fi has posed an increased threat to data security. For maximum safety in light of mobile interference, you must keep your network on lockdown. Make sure that company personnel only use approved devices. Enable router firewalls and disable guest access. Keep firmware updated and conduct tutorial reviews with employees on the best practices for mobile security.
Contact Silent Guardian for TSCM Services
In today’s business world, data breaches occur remotely as well as from within a company’s headquarters. Even once you have rendered your company’s computer network virtually foolproof, someone might infiltrate your company and set up bugs and wiretaps to capture vital competitive intelligence.
To ensure that none of your critical data falls into the wrong hands, you must catch all possible bugs and wiretaps before any information is leaked to a third party. At Silent Guardian, we provide technical surveillance counter-measures to combat even the most hidden attempts to steal information from your company. Contact us today for more information on our services.