Data Visibility & Protection Endpoint Security

Back to the Basics for Data Breach Prevention

January 10, 2019

According to the Identity Theft Resource Center (ITRC), the number of significant data breaches at businesses, government agencies, and other organizations in the U.S. alone hit a new high of 1,579 in 2017. The ITRC says the number for 2018 is much higher, even though final numbers are not yet available. Both years are up substantially from fewer than 200 in 2005, the year the non-profit started tracking data breaches.

The increasing likelihood of a data breach is undeniable. Severe regulatory enforcement is a direct result of the frequency and impact of these breaches. Data regulators in the EU are now able to hand out fines upwards of €20 million thanks to GDPR. HIPAA fines have also grown significantly – for example, Anthem was ordered to pay a record $16 million in 2018 for a breach that exposed the information of 79 million individuals.

With the continual rise in data breaches and the zero-tolerance approach taken by regulators today, many security professionals are going back to the basics on data breach prevention. There are many interesting, cool new security tools to explore, but all are for nothing if you don’t have your basics in place across people, process, and technology.

People: Create a Security Culture

According to a recent Ponemon report, 27 percent of data breaches are caused by negligent employees or contractors. Unfortunately, these negligent insiders are often the hardest to identify. They have no malicious intent — they’re simply trying to be productive and independent — which sometimes leads them to circumvent IT, download insecure apps, save data to their mobile devices and cloud drives, or misplace their laptops.

No one technology solution will protect an organization from careless or inadequately trained staff, so the last thing you should do is purchase the latest new tool and forget about it. Instead, educate, train, and test all employees at regular intervals about security awareness, warn all company stakeholders against the dangers of a data breach, and set clear expectations for behavior.

Process: Implement a Cybersecurity Framework

A cybersecurity framework (CSF) will help you protect your security foundation with improved visibility and control over all of your endpoints, formalize your security disciplines, and scale your security operations. The NIST CSF offers five functions you can follow to ensure data security:

  1. Identify devices that store, transmit, and process information.
  2. Protect data and manage risky assets throughout their lifecycle, particularly removing, transferring, and disposing of assets and data.
  3. Detect issues and pay attention to changing circumstances and negligent users.
  4. Respond to vulnerabilities and threats in a programmatic way for fast, effective remediation.
  5. Recover and iterate: question assumptions, improve security controls, and leverage new knowledge to influence future decisions.

Technology: Visibility is Your Breach Lifeline

Risks can only be addressed if you know about them. Follow these steps to gain visibility and control over your device population:

Protecting your organization against a data breach requires smart strategy, diligence, and teamwork. Even still, there is no guarantee you won’t be faced with unauthorized access. For more information on how to secure your organization from potential threats, download our whitepaper: Top 10 Data Security Tips to Safeguard Your Business.
