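Verizon recently released their annual Data Breach Investigation Report, which you can find here. It is a great study of security breaches that occurred in 2013 and provides a good insight into what we can expect in 2014. If there is anything to take away from this report, it’s this: don’t be a statistic in the 2014 report!
The first thing that catches your attention is that 69% of breaches are spotted by external parties. This can be very embarrassing for many businesses, and due to disclosure laws you can’t even keep quiet about a breach while you deal with the fallout. So it is imperative that businesses have some proactive measures in place to help curb such opportunists.
In no specific order, I’ve listed a number of brief recommendations to help you and your business minimize the chances of being compromised:
- Employ security best practices throughout the organization, covering everything from office security to authentication and access policies.
- Extend security around applications, for example by using multi-factor authentication and even varying the authentication methods across systems. For example, Nervepoint Access Manager provides multi-factor authentication during password self service actions, but each action can also be configured with a unique set of authentication methods.
- End users and customer service staff account for the highest number of breaches, so it’s vital these users are able to use applications like password self service solutions to keep their personal data safe.
- Hackers rely heavily on mining information from social services. As I mentioned in my previous post, employees should avoid using the same passwords on social services as they do for accessing company resources.
- Monitoring and auditing are useful not only in ‘after the fact’ analysis of how the business was breached but also as an upfront measure to avoid breaches in the first place. A lot of systems, such as Splunk and Snort, provide a plethora of data that you can use to mitigate breaches before they happen. Nervepoint Access Manager provides real-time data through an admin dashboard, which can help you foresee password/account hacking attempts.
- Eliminate unnecessary data and manage access privileges – should everyone have root access to servers? Should everyone have access to every system? Businesses need to be more thoughtful about who has access to what.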
- Employ security best practices throughout the organization covering everything from office security, authentication and access policies.
- Extend security around applications such as the use of multi-factor authentication and even providing a varied array across systems. For example, Nervepoint Access Manager provides multi-factor authentication during password self service actions but each action can also be configured with a unique set of authentication methods.
- End users and customer service staff account for the highest number of breaches so it’s vital these users are able to use applications like password self service solutions to keep their personal data safe.
- Hackers rely heavily on mining information from social services, as I mentioned in my previous post, employees should avoid using the same passwords on social services as they do on accessing company resources.
- Monitoring and auditing is useful not only in ‘after the fact’ analysis of how the business was breached but also as an upfront measure to avoid breaches in the first place. A lot of systems, splunk, snort, provide a plethora of data that you can use to mitigate breaches before they happen. Nervepoint Access Manager provides real time data through an admin dashboard providing data to potentially foresee any password/account hacking attempts.
- Eliminate unnecessary data and manage access privileges – should everyone have root access to servers ? Should everyone have access to every system ? Businesses need to be more thoughtful on who has access to what.
- Consider provisioning and de-provisioning systems to help with automating new hire enrolment and performing necessary clean up tasks when employees leave. No one wants a disgruntled employee using their old account to hack into the company network.
- Don’t despair! It can seem like a lot to do, and that the bad guys are getting ever more sophisticated, but the report shows that almost all breaches analysed were classed as low or very low in terms of sophistication and could easily have been prevented. So basic measures go a long way.
These are just a handful of measures a business can take to help improve security all round and keep itself, its assets and, more importantly, its employees safe. Each business is unique, so I would recommend finding the right set of options that work for your own environment. The report itself also provides a good set of recommendations.