6 ways to prevent data breaches

Over the last decade, hackers and other malicious actors have discovered more and more ways to abuse IT-related vulnerabilities. Not only individuals but also companies now work 100 percent digitally. This makes these companies attractive targets for cybercrime; after all, you no longer need to break into a physical office to steal sensitive data. System administrators continuously take measures to secure company data, but the risk-aware behavior of your employees is just as important. Below you will find six practical tips to prevent data breaches.

Year after year, it turns out that the human factor, not the technology, is the most important cause of data breaches. Necessary security updates are not installed, sensitive documents are taken home, passwords are sent by email, and (malicious) attachments are opened without thinking. Almost weekly we read about company and personal data being disclosed, but lately we have been reading more often about ransomware that shuts down complete (digital) infrastructures, after which the attackers demand millions to release the data they hold hostage.

In 2017, exploiting existing vulnerabilities in commonly used software hardly requires any technical knowledge anymore; everything is on the internet if you know where to look. A big advantage for cyber criminals is that sensitive personal information is now much more concentrated within the organization. Once they find a way in, for example via an employee who reuses passwords, they can easily cause a great deal of damage to the company.

Fortunately, there are many ways to decrease the risks and to protect your company against ransomware and data breaches. You can start today by applying the tips below to prevent data breaches at your organization.

1. Create security awareness

Preventing doomsday scenarios starts with creating security awareness. Sensitive data of companies and individuals often turns out to be insufficiently secured. Each (connected) device within the organization is a security risk. This ranges from laptops and smartphones that are used for both business and private purposes to security cameras and hard drives that can be reached over the internet.

For employees, it is important to be aware of the risks. Each time you save data to a USB stick, and with each laptop or mobile phone that is not properly secured, you are at risk. Every unsecured device is a vulnerability within the organization that a cyber criminal can readily exploit.

2. Keep training your employees regularly


Creating awareness is the first step to improve the security of your organization from the inside and to prevent data breaches. Security of devices and data should preferably become routine, instead of something that is imposed by the IT department.

Regular training is essential to keep employees aware of the importance of information security. Teach them, for example, how to recognize phishing and malicious attachments; this way you protect yourself against data loss and the costs of restoring a locked or infected computer. Also, show them how cyber criminals work and which do’s and don’ts help to prevent a digital burglary. In our Security Awareness Library, you will find important subjects that strengthen risk-aware behavior within your organization.

3. Make agreements

Everyone within the organization is a security risk. Therefore, it is important to test everyone and to see whether certain users have too many (or too few) rights. Subsequently, it is important to make agreements and to document them clearly. For example:

  • Confidential information and passwords should not be sent by e-mail or chat, only in person or in an encrypted way;
  • Every employee should equip their (BYOD) devices that are used for business purposes with up-to-date security (see also tip 4);
  • Confidential information should only be disclosed in a secured environment. Sensitive documents should not be taken home to continue working on them there;
  • Within the organization, you should not use USB sticks to exchange data;
  • Employees may address each other on possibly insecure behavior.

4. Make security and monitoring a priority

It already helps a lot to make clear agreements within the organization about (handling) company data. However, you also need a solid foundation, which means making security and monitoring a priority. Basically, every business device, including an employee’s personal laptop and phone, should have proper security measures or software. This ranges from an up-to-date virus scanner and firewall to a hard-to-guess password and encryption (with a tool like BitLocker).

In addition, all accounts and login credentials that are used in a business context should be sufficiently secured. Two-step authentication, for example for your business e-mail account, ensures that a hacker who has obtained one password still does not have enough information to get access. Also, take a critical look at the password policy within the organization. Each account should have a unique and hard-to-guess password. If your employees have difficulty remembering all these different login credentials, you can consider using a password safe like 1Password to give them access in a safe and easy way.

Active monitoring is a focus for the security testers within the organization. Its advantage, compared to automatic monitoring, is that you look not only at patterns but also at unknown devices and IP addresses. All unusual and unknown behavior is reported to prevent misuse.
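The check for unknown devices and IP addresses described above can be sketched as follows. This is an added example, not part of the original article; the log format, device names, and network ranges are constructed assumptions.

```python
import ipaddress

# Assumed inventory (constructed): networks and device IDs the organization knows.
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]
KNOWN_DEVICES = {"LT-0412", "LT-0388", "PH-1021"}

# Constructed sample sign-in log: timestamp user device source_ip result
SAMPLE_LOG = """\
2017-06-12T08:01:14Z anna LT-0412 10.20.4.17 success
2017-06-12T08:03:40Z bram LT-0388 192.0.2.55 success
2017-06-12T08:09:02Z anna UNKNOWN-7f3a 203.0.113.9 success
2017-06-12T08:09:30Z carl PH-1021 198.51.100.23 failure
2017-06-12T08:09:41Z carl PH-1021 198.51.100.23 failure
not a log line
"""

def parse_line(line):
    """Return a dict for a well-formed log line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, device, ip, result = parts
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return {"ts": ts, "user": user, "device": device, "ip": addr, "result": result}

def review(log_text):
    """Report events from unknown devices or unknown IP addresses.

    Returns (findings, skipped): findings is a list of (timestamp, user, reasons);
    skipped counts unparseable lines so that gaps in the log do not go unnoticed.
    """
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1
            continue
        reasons = []
        if event["device"] not in KNOWN_DEVICES:
            reasons.append("unknown device")
        if not any(event["ip"] in net for net in KNOWN_NETWORKS):
            reasons.append("unknown IP address")
        if reasons:
            findings.append((event["ts"], event["user"], reasons))
    return findings, skipped
```

Running `review(SAMPLE_LOG)` reports the sign-in from the unregistered device and the two attempts from an address outside the known networks, and counts the malformed line separately.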

5. Make back-ups regularly


Several companies that suffered a ransomware attack decided to pay the ransom to regain access to their data. The police advise victims not to pay, because paying supports cybercrime. Besides, you don’t always regain access to your files. There is definitely something to be said for this advice, even though you know for sure that you will get nothing back if you don’t pay.

The best thing you can do is to plan good and regular back-ups. This way, you prevent data loss, because after an attack you can restore a copy from a moment before the infection. Better safe than sorry: back-ups can save your company a lot of suffering when things go wrong.

6. Be critical of cloud services

Back-ups can be saved locally, but now we also have the cloud. There are a lot of cloud services, and it is important to examine how the service you use handles company data and privacy. Dropbox and Google Drive, for instance, have their servers in the U.S., where, logically, other rules apply than in Europe. How is data in the cloud secured? Is encryption used, and are the privacy and security rules for data in the cloud met? These are questions to which not all companies have an answer.

How to let everyone in your organization actively help to prevent data breaches

It’s human to forget something. Nevertheless, it’s important that everyone knows the right way to act in different circumstances, as described in the six tips above. This knowledge should be stored in long-term memory, and to achieve that you need to keep repeating it. A yearly training is not sufficient. Offering the same training every month takes too much time and quickly gets boring.

By regularly offering short, business-related learning experiences in different formats, BeOne Development helps companies and governments to constantly strengthen risk-aware behavior among their people. With short videos and microlearnings, among other formats, you can be sure that employees recognize risks and that they know exactly what to do in every situation.

We would like to explain to you how we can also help your organization with building and maintaining information security awareness. Call us on +31 (0)35 – 20 30 216 or leave a message using the form below. And if you’re around, please feel free to visit us in Hilversum for a cup of coffee and more tips to prevent data breaches!
