In the aftermath of the Ashley Madison data breach, numerous reports are emerging of the stolen data being used to carry out phishing attacks, blackmail customers and extract further sensitive information from them.
In other words, the original breach was just the beginning as criminals look to leverage the stolen information for maximum gain in the shortest period of time.
While information security is rarely far from the news, major global breaches like this put it firmly back in the limelight and businesses must learn what they can or risk being next.
All organisations have sensitive data that must be protected, whether it’s new product designs, credit card numbers, personal health information or company payroll data, and suffering a data breach could quickly lead to disastrous consequences.
Properly protecting this data can be key to the company’s long-term survival, so it is critical to ensure appropriate steps are taken. Below are six tips that will help businesses keep their most valuable asset safe:
1. Put data protection at the top of the list
This may seem like a no-brainer, but despite all of the chatter in the C-Suite about cyber security, few companies have meaningful data protection programs in place. They often cite the need to preserve the free flow of information and to not impede worker productivity.
But the truth is, there are solutions and approaches that balance the need to protect data with the need to drive rapid innovation. Data protection has to be an executive priority or it won’t get done.
2. Identify your most important data assets
All too often organisations have no idea where this valuable data is stored and who has access to it.
Organisations must know what their sensitive data is if they want to prevent it from being stolen. Simply identifying the crown jewels can feel like a daunting task, but it doesn’t have to be. Start with your most critical data — the data you know a hacker is after. Get that identified first and then move to the next organisational function.
3. Protect those data assets
This is going to sound very basic, but once sensitive data is identified… label it. Literally mark all critical assets as “internal only” or “confidential.”
Whether the document is digital or paper-based, this is the quickest and easiest protection method. It provides employees with a visual cue to treat the document with care, and employees are often the ones targeted by hackers.
There are also additional technologies that you can employ to ensure your sensitive data stays safe. From encryption to digital rights management, from persistent document tagging to policy-driven data protection, there are numerous approaches to ensure data flows freely, but only on a need-to-know basis.
4. Think like the cyber criminals
Take a look at all of your business processes to determine where data theft might occur. Assess your data from an outsider’s standpoint — what would you want to steal and how would you do it? Then, set to work plugging those holes. The security pros call it “threat modeling” and it’s one of the most effective ways to ensure security.
Read more about securing your business against the cyber threat:
- Don’t fall into the trap of the cyber myths
- Target cyber hack shows how vulnerable smaller businesses are to digital attacks
- 6 steps to follow after a cyber attack on your business
5. Improve employee awareness
As mentioned earlier, the weakest link in data defense is the employee — from the C-level executive to the receptionist.
Add data protection to manuals and employment agreements, and train them on your policies regarding the use of confidential data. It also helps to perform regular security awareness training and invite your contractors, vendors and partners to participate, as they should be subject to your data protection policies as well.
6. Be prepared if your data is stolen
Have an incident response plan at the ready. Even the organisations that have their data protected can still become victims of breaches. Today, cyber criminals are more nimble and financially motivated than ever before, so it pays to be prepared.
Salo Fajer is CTO at Digital Guardian.
Share this story