Data breaches run rampant in today’s digital world and even affect the biggest global brands. They can happen to anyone, but what can you do to make sure that your brand is safeguarded?
What is a Data Breach?
A data breach, by definition, is an event that causes a loss of control of sensitive or confidential information. This could be credit card numbers, social security numbers, passwords, or even something like email addresses. Generally, data breaches affect thousands or millions of users, but even a small loss of data (like an administrative system account) can lead to much larger exposure. Nevertheless, when user data is compromised, consumer trust is lost, and your business is likely to face a devastating financial blow. The decades of hard work you’ve put into your business to gain industry credibility can come tumbling down in just one hack.
The breaches you commonly hear about are the ones where massive amounts of data are exposed and millions of records are taken in one hack; recent examples include the Capital One data breach and the Facebook data breach. In addition to data breaches, there are data compromises, like Magecart, where data is harvested slowly over time. Even though the hackers only get one record at a time, they eventually compromise thousands of credit card accounts. No matter the method of the breach, the end goal is the same: data needs to be protected throughout its processing lifetime. There are several things you can do to reduce the likelihood and scope of a data breach; see our tips for minimizing your risk of a breach below.
Why Steal Users’ Data?
The reasons criminals value, and therefore try to steal, this information vary. Many sell this information to the highest bidder, while others use the information to steal identities, and many others purchase merchandise directly using stolen credit card numbers. This is a high-dollar business and it doesn’t appear to be stopping any time soon.
Because the volume of data is larger, hackers tend to target corporations and enterprises that house millions and billions of records or have high-traffic e-commerce websites. But that doesn’t mean you are off the hook if you are a small or medium-sized company; poorly protected data will eventually be found.
Data Breach Prevention Tips
- Encrypt and Protect. There is no reason not to support a full end-to-end encryption framework in your application, from HTTPS in the browser to encryption of backups and every point in between. Protect your keys; if you lose control of those, you’ve lost control of your data.
- Implement HIDS. Host Intrusion Detection Systems are a way of ensuring system consistency. They include tools that detect behavioral anomalies on your system, validate file integrity, and monitor logs among other things.
- Protect and Isolate Your Networks. Whether you’re deploying to the cloud or on-premise, it’s critical to ensure that there are tightly controlled network access control lists with rigid rulesets. Both ingress and egress traffic need to be scrutinized.
- Perform Regular Scans. Proper scanning, both from the inside and outside of the protected network, not only identifies potential vulnerabilities using known common vectors (XSS, SQLi) but also can highlight missing security patches on software and hardware.
- Control User Access. Understand and document who has access to data and to what degree. For example, if a user has access to encrypted data, do they also possess the keys necessary to decrypt it? Users should be required to pass through multiple levels of authentication to access sensitive data, and when this happens it should be tracked.
- Control Data Movement. Create policies that prohibit the storing of sensitive data outside of a “production” environment. Too many reported data breaches come from a staffer downloading a database backup or a spreadsheet of data onto a removable device (USB, laptop, phone, etc.) and subsequently losing the device.
- Store Only Required Data. Are 60 days of backups really useful? Maybe 30 days of inactivity causes a user’s credit card data to be purged. The idea is to minimize the amount of data that could be leaked.
Criminals are always on the hunt for the next big score. By keeping these concepts in mind, you can minimize your exposure both in scope and volume, detect issues, and be confident that your systems are in a consistent state. As regulations continue to advocate more strongly for customer data safety and control, be ahead of the game during application design.