Are you going to try to get past that?! According to a 2015 study by IBM and the Ponemon Institute, the average data breach now costs a total of $6.5 million, or about $217 per lost or stolen record. That’s a new record high, and the trend is definitively on the way up. So what can you do to prevent or (God forbid) recover from a data breach?
How to Prevent a Data Breach
Black Widow might help, but let’s focus on the more realistic options…
1. Design for Failure
Safe cars are designed with intentional crumple zones. Borrow the idea. If someone wants to break in badly enough, it eventually will happen. Make sure that when they do, you can minimize the damage:
- Encrypt your data (in motion and at rest).
- Disable (temporarily) the offending accounts.
- Revalidate (more securely) any logins that seem suspicious.
2. Look Beyond IT
Many tech departments make the mistake of locking down the sectors that IT controls and calling it a day. To ensure security, you’ll need to look beyond the tech into:
- HR – on and off-boarding employees.
- Remote workers – protecting remote data.
- Physical security – defending against physical access to sensitive areas.
3. Plug Common Holes
OWASP, for example, provides a Top 10 list of the most common vulnerabilities. Do you have a mitigation plan in place for all of them?
4. Don’t Collect What you Don’t Need
This seems obvious, but in today’s Big Data world where data mining is the norm, it’s easy to overstep in the name of analytics. Do a thorough analysis of the effectiveness of the data that you collect, and weigh the potential benefits against the responsibility of protecting that data.
5. Minimize the Number of Storage Locations
A smart backup strategy (you are backing up your data, right?[1]) requires that you have at least 3 copies (2 redundant onsite, and 1 offsite) of your data, but think carefully before expanding beyond this. Without a careful strategy in place it’s easy to lose track of all of the storage locations. If you can’t remember where your data is, you can’t protect it.
6. Purge Old Data Responsibly
When data ages out and you no longer need it, are you purging it from your systems? Set appropriate expiration times. Then make sure that you use responsible data destruction methods, or partner with someone who does. (**ahem**)
7. Train, Train, Train Again
Just because you have a “policy” in place doesn’t mean that anyone actually follows it. Educate your employees on the importance of security to the organization. Give them a high-level view of the risk and goals, not just a list of to-dos – no one likes those. If your employees know why they’re doing something, they are much more likely to follow the plan. Remember: “Because I said so” is not a reason. We’re all adults here.
8. Grant Access on an As Needed Basis
What access do your employees have? Do they need that access to do their job? Give them just enough room to get the job done. Extra access means extra liability. And now for the real kicker: What access do YOU have? Do you NEED that to do your job? If your account is compromised it shouldn’t grant the hacker an all-access pass to your business. You hired a smart team. Let them do their jobs.
9. Make a Plan and Drill It
“Plans are useless, but planning is indispensable.”
—General Dwight D. Eisenhower
Would you make an emergency evacuation plan and never test it? What if after a fire broke out, you discovered that your specified escape route was blocked by the floor reconfiguration that you did 2 years ago? That’s a BAD time to find out.
Planning for a data breach is no different. By making the plan you force yourself to walk through the possible scenarios that could come up. Then put that plan into action by drilling your team with it. Trust me, the difference between theory and practice here will shock you. (Who has that password? Where is that disk image again?!) Do this. You won’t be sorry for the practice.
10. Hold your Vendors and Partners to the Standard
Once your house is in order, make sure that your vendors and partners don’t leak like a sieve. Share your security best practices with them and don’t be afraid to call them to a higher standard. After all, their failure falls back on you.
How to Recover from a Data Breach
Inconceivable! You’ve been breached, and your data is out in the wild. What now?! First off, I hope you’ve finished number 9 from the prevention list… if so, execute the plan. If it’s too late for that, follow this quick checklist.
1. Fix It Fast
Image the affected servers and save read-only copies for review later. Then contain the breach: block the offending IPs, sandbox the affected server(s), and restore normal function. Think quick, dirty, and fast. Speed is your friend — we’ll fix this properly in a little bit.
2. Draft Your Own Special Ops Team
Obama didn’t find Osama bin Laden on his own, and neither should you. Draft your own SEAL Team Six and get to work. You’ll need a combination of technical prowess, legal understanding, and a smart spokesperson.
3. Disclose the Breach
Yes, this will be painful. You’ll need to disclose the breach to your local authorities (if necessary), and your legal and PR teams so that they can draft notices and help to mitigate the potential fallout.
4. Test the Fix
Again, this seems obvious, but under pressure it’s easy to revert to “try anything” mode. After sandboxing the compromised servers, you’ll need to find the root cause and build a robust fix for the problem. Make sure to test the fix against similar attacks to confirm that it works. Also test it to make sure that you didn’t introduce another vulnerability. Be thorough – then confidently move on to step 5.
5. Fix the Follow-on Problems
Data breaches do not occur in a vacuum. They typically result from multiple failures along the line, and the damage quickly spreads outside of the technical realm and into your conversation with your customers. Do damage control. Apologize for the breach, and mean it. Retrace the spiderweb of problems and make sure that nothing like this breach happens again. There’s nothing worse than being bitten by the same bug twice. Squash it!
[1] If not, stop reading RIGHT NOW, and get that done. Consider this step 0.