Whether you are a large business or a private individual, chances are you have some sensitive information online. However, if you are an organization that handles payments, for example, or you store personally identifiable information about your customers, you have an added responsibility for ensuring that this data is safe.
While business and personal data has always been attractive to attackers, the stakes have become increasingly high in recent years. Private companies, authorities and security software companies are pitted against cybercriminals in an unrelenting race to improve their protective capabilities. However, while technology is usually able to keep up with the increasingly sophisticated threats, many organizations are unable to protect themselves against such threats.
Read on to learn about some of the top threats to data security and what you can do to mitigate them.
Data security refers to the practices and policies employed by organizations to ensure the confidentiality, integrity and availability of data. For some industries, standards such as the GDPR, HIPAA and PCI DSS may apply, and failure to comply can result in hefty financial repercussions.
Data security measures are typically laid out in an organizational policy and implemented by the Security Operations Center (SOC). In many cases, such as for companies operating in the EU, it is the responsibility of the Data Protection Officer (DPO) to oversee the implementation of security policies.
For the sake of simplification, I’ll classify data security threats into two types, data loss and data theft.
If data becomes unavailable, is damaged or deleted, this could potentially bring your operations grinding to a halt. It is also a legal requirement, in many cases, to guarantee that personal data is available to the data owner at all times.
Data loss can result from:
- Physical incidents—such as natural disasters, a power outage, damage to the server or wars.
- Human error—this is perhaps the most common cause of data loss, with users accidentally deleting data or falling prey to social engineering attacks such as phishing.
- Cyberattack—often, the main concern for an organization is that a cybercriminal or malicious insider will attack the system and destroy the data. Data can become temporarily or permanently unavailable if there is an attack on the network that causes the server to crash, such as a Denial-of-Service (DoS) attack.
This is especially serious if it involves identity theft, which allows an attacker to gain access to restricted resources or steal money. Attackers will often steal data for corporate espionage purposes, or to sabotage a company.
Common causes of data theft include:
- Insider threats—a disgruntled employee may steal data and pass it to a rival company, either for financial gain or
- Social engineering—this refers to attacks that manipulate an insider with access to sensitive data or restricted parts of the network. The victim may mistakenly share privileged information with the attacker, allowing them to gain access. The most common form of social engineering attack is phishing, or spam emails and websites designed to get people to click on a link and unwittingly download malware.
- Advanced Persistent Threats (APTs)—these are an insidious form of cyberattack, in which an attacker gains access to a system and hides for a long period of time within the network, quietly collecting data.
- Man in the Middle (MitM) attacks—these intercept network traffic, capturing data when in transit.
The following practices should help you protect
Data Loss Prevention (DLP)
To prevent data loss, organizations can employ a number of protective measures, such as backing up data to a second location. Physical redundancy is used to protect data in cases of natural disasters, outages or wars, or from an attack targeting on-premise servers. This involves storing data in an off-site data center or cloud environment.
There are a number of data loss prevention practices and policies that can help protect your data. It may also be worthwhile considering software tools, such as a DLP solution, to help you implement your data protection strategy.
To ensure that only authorized users can access your data, it is advisable to encrypt it in transit and at rest. This works by making the data unreadable to anyone without a decryption key.
Authentication and Authorization
You can use authentication protocols such as OAuth to protect your network. For added security, use two-factor or multi-factor authentication, combining a password with an additional measure such as a confirmation code. The purpose of authentication is to verify that you are indeed who you say you are.
The next step is authorization, which establishes the access rights of a user. Limiting access rights is an important way to reduce the risk of exposing data. Authorization ensures that the access rules you have applied are implemented.
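The two steps described above, as an added example that is not part of the original article: a password plus a time-based confirmation code (RFC 6238 TOTP) for authentication, followed by a deny-by-default role check for authorization. The user record, role table, salt and the choice of TOTP as the confirmation code are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample data (not from the article): one user and a role table.
SALT = b"constructed-salt"
USERS = {"alice": {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
    "role": "analyst",
}}
PERMISSIONS = {"analyst": {"reports:read"}, "admin": {"reports:read", "users:write"}}


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def authenticate(user: str, password: str, code: str, now: int) -> bool:
    """Verify identity: both factors must pass, compared in constant time."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    pw_ok = hmac.compare_digest(pw, rec["pw_hash"])
    # Accept the current and previous 30 s step to tolerate clock drift.
    valid = {totp(rec["totp_secret"], max(now - d, 0)) for d in (0, 30)}
    code_ok = any(hmac.compare_digest(v, code) for v in valid)
    return pw_ok and code_ok


def authorize(user: str, permission: str) -> bool:
    """Deny by default: grant only permissions listed for the user's role."""
    role = USERS.get(user, {}).get("role")
    return permission in PERMISSIONS.get(role, set())


def access(user, password, code, permission, now):  # authenticate, then authorize
    if not authenticate(user, password, code, now):
        return "denied: authentication failed"
    if not authorize(user, permission):
        return "denied: not authorized"
    return "granted"
```

A correctly authenticated user is still refused any permission outside their role, which is the separation between the two steps that limits exposure when one account is compromised.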
This may seem very basic, but many organizations overlook this important step. You should be updating your operating system and any applications or dependencies regularly to ensure that known security vulnerabilities are fixed. You should enable automatic updates where possible.
Conduct Security Audits
You should be conducting security audits at least every few months. This is to ensure that your overall security profile is up to scratch. You can use a third-party professional to conduct the audit, but in most cases this is unnecessary, and you should be able to do it yourself.
As a last line of defense in the event of an actual data breach, you can freeze your credit report. This involves locking your data at the credit bureau level, which has the ability to sell your personal financial identity data. This is the most effective way to block identity theft, as it disables the ability of a threat actor to use, for example, credit card information.
Use Anti-Malware and Antivirus
Since malware is the most common vector for cyberattacks, it is important to make sure you have the right protection installed.
Protect Your Endpoints
Endpoint devices are an important way for users to access critical data remotely but they also present an opportunity to attackers. You should implement good endpoint security practices, such as reducing access to endpoint devices where possible.
In some cases, limiting access is not a practical solution, so it is better to rely on software solutions such as an Endpoint Protection Platform (EPP) with Endpoint Detection and Response (EDR) capabilities. This will help mitigate threats on the endpoints, including insider threats.
Data breaches are everywhere, and the threats to the security and integrity of your data are only going to multiply. However, there are a number of measures that you can apply to help protect your data from loss, damage or theft. The practices mentioned above are a good start, but you should establish a clear data security policy that will allow you and your employees to implement these measures as required.
It is also important to update your security strategy to keep up with evolving threats. Use the tools available to you, and don’t be afraid to seek help when you need it—a third-party security platform or consultant may well know best what you need to do to protect your data. Maintaining data security is essential for the survival of your business, as well as for compliance purposes, depending on your industry.