FindHow Page

How to Prevent a Data Breach

What is a data breach?

A data breach (there are other terms for such an incident, including data leak, data spill and the euphemistic unintentional information disclosure) occurs when data which is supposed to be secure is leaked, either intentionally or unintentionally, to a source which is not trusted. Acts that can quality as data breaches include the theft of physical devices such as a hard drive or a USB flash drive and posting information online without taking the proper precautions. It should be noted that in the great majority of cases no serious damage occurred either because the breach was fixed before any unauthorized individual could get hold of it or because the thief stole the device only to get a computer to use and was not interested in the data stored on it. Still, it is important for all those who works with a computer system to do everything that they can to prevent data breaches from striking. This article will give some of the steps to take.

Who can be victim to a data breach?

Any company that works with computers is in principle vulnerable to data breaches. In addition to business entities, such groups include educational and scientific institutions and government agencies. One example of a major breach in recent times took place in October 2013 when hackers broke into the computers of Adobe Systems and stole the records of about 130 million users.

Companies that store the debit and credit card information of their customers also need to take the proper precautions. The biggest such incident, on January 17, 2007, involved TJX Companies. As many as 45.7 million customers had their card information stolen. One result of this breach was that credit bureaus began pushing for legislation that would hold retailers responsible if customer information that they had stored in their computer systems became compromised.

One of the most common targets of hackers is intellectual property (IP); others include technological designs, business plans and information on mergers and acquisitions. Many of the culprits are budding entrepreneurs who want to steal information on competitors against whom they need an “edge.” (Just look at how Sheldon J. Plankton is always trying to steal the Krabby Patty formula!)

Steps to take

Data leaks, it must be acknowledged, can strike both from without (when an outside hacker breaks into a system to steal information) and from within (when a present or former employee abuses the trust placed in him or her by his employees and gives unauthorized outsiders the information that they desire. This section is divided into two subsections, each of which deals with one of these problems and how to deal with it.

Outside jobs

The first thing that you want to do is to make note of where on your computers each piece of sensitive data is located. Your next step will be to install some kind of software that can protect your computers against outside threats. One such program is Identity Finder, which concentrates first of all on data “at rest,” which is when it is most likely to be the target of a data breach. It can also perform searches of whole file systems on Linus, Mac and Windows, automatically identify confidential information or any occurrence thereof, classify it for the purpose of security and reduce risk by limiting access. For the website of this company, see the list of links at the end of this article.

Inside jobs

No matter how airtight a security system is designed to be, it is only as strong as the people who have been entrusted with its maintenance. SpectorSoft CEO Jason Judge stated in an interview with Business News Daily that education is the number one element in the prevention of data spills. It is not enough to simply hand a manual to every employee in the company; you also need to make sure that they have read it and understand what they have read, especially the section on the company’s acceptable use policy. The company must also have some way of enforcing those policies and of proving that a given employee is in compliance with them. If they do step over the bounds of acceptable use, they should be told in the most unequivocal terms that there is a reason for these policies and that they are constantly being enforced.

Ways of preventing inside jobs include:

-carefully controlling who has access to information that needs to be kept confidential. Only those who absolutely need to be able to access such information should be permitted to do so.
-focusing closely on the activity of those authorized people so that there will be a clear information of what they have done
-similarly monitoring the activities of those who have just left the company. Theft of IP and other data is typically committed by those who resigned within the past thirty days. You should thus have a log for all employees that covers that length of time so that you will know if anything was taken before or after a notice of resignation was given.

What to do after you are done

You are never done with the task of protecting your data. You are engaged in an ongoing battle against those who would steal your data. Remember that above all else.