It is hardly surprising that as technology progresses, cyber attacks are becoming a common and frequent problem. Anyone can be at risk of a data breach, from individuals to huge corporate businesses. In fact, according to the IBM Security Data Breach Report, the global average cost of a data breach in 2020 is £2.82 million.
Although a data breach is primarily connected with a cyber-attack in its various forms, it is not always the result of malicious cyber activity. Nevertheless, data breaches can hurt businesses and consumers in a variety of ways. Not only can they become costly, but reputations can take time to repair.
A data breach tends to occur due to weaknesses in user behaviour or technology. As we become increasingly connected through our devices, there are more places for data to slip through due to vulnerabilities like weak credentials.
There is an assumption that a data breach comes from an external hacker. However, this is not always the case. Errors in the setup and configuration of IT systems, including those of third-party suppliers, can lead to unauthorised exposure of information. Employees may accidentally or maliciously expose or delete data. Devices like phones and laptops can be lost or stolen.
Below, we explain some routes to protecting your business from a data breach.
Secure your systems from a data breach
Ensure your firewalls are turned on and correctly configured, and that you have endpoint (anti-malware and anti-virus) security installed on your devices.
One of the challenges that companies of all sizes now face is the dissolution of a defined network perimeter to secure, thanks to the ever-growing adoption of cloud services. Whilst these services allow greater flexibility for organisations, the management of their security and its associated risks adds organisational complexity.
There is a common misconception that putting data in the cloud automatically makes it secure. The reality is not so straightforward. Cloud security is a shared security model. The vendor has responsibilities and you have responsibilities, especially if you are using infrastructure as a service (IaaS).
Restrict access & permissions
Your network should be set up to recognise each user and each device with network access control, meaning that unauthorised devices either have restricted access or none at all.
This principle should be taken further by using role-based access control: only allowing relevant employees access to the data they need to fulfil their role, and ensuring that their permissions are reviewed as and when employees move through the organisation. Alternatively, you could link access to a worker's function or location ('attribute-based access control').
Remember to change or remove access on all cloud platforms when someone changes role or leaves your organisation. Cloud and internet services can complicate access control if you don't use a single sign-on solution.
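The access review described above (permissions tied to role, re-checked when someone changes role or leaves, across every cloud platform) can be automated. The following is an added example, not part of the original article; the role names, platform names, permission strings and accounts are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role model (assumption): the permissions each role needs.
ROLE_PERMISSIONS = {
    "finance": {"erp:read", "erp:write", "payroll:read"},
    "support": {"crm:read", "crm:write"},
    "engineer": {"repo:read", "repo:write", "crm:read"},
}

@dataclass
class Account:
    user: str
    role: Optional[str]   # current role; None means the person has left
    grants: dict          # platform name -> set of permissions held there

def review_access(accounts, role_permissions=ROLE_PERMISSIONS):
    """Return (user, platform, permission, reason) for every grant to revoke."""
    findings = []
    for acct in accounts:
        if acct.role is None:
            allowed, reason = set(), "leaver"
        elif acct.role not in role_permissions:
            # A role missing from the model gets nothing by default.
            allowed, reason = set(), "unknown role"
        else:
            allowed, reason = role_permissions[acct.role], "not needed for role"
        # Check every platform, not just the primary directory.
        for platform in sorted(acct.grants):
            for perm in sorted(set(acct.grants[platform]) - allowed):
                findings.append((acct.user, platform, perm, reason))
    return findings

# Constructed sample data: alice moved from support to finance and kept a
# CRM grant; bob has left but still holds access on two platforms.
SAMPLE_ACCOUNTS = [
    Account("alice", "finance", {"erp-cloud": {"erp:read", "erp:write"},
                                 "crm-saas": {"crm:write"}}),
    Account("bob", None, {"crm-saas": {"crm:read"}, "code-host": {"repo:read"}}),
    Account("carol", "engineer", {"code-host": {"repo:read", "repo:write"},
                                  "crm-saas": {"crm:read"}}),
]

if __name__ == "__main__":
    for finding in review_access(SAMPLE_ACCOUNTS):
        print(finding)
```

Running the review on a schedule, and whenever HR records a role change or departure, catches grants left behind on platforms that sit outside single sign-on.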
Authentication should be based on something you are (e.g. a fingerprint), something you know (e.g. a password) or something you have (e.g. the code provided using an authentication token or app). Historically, organisations have focused on only one of these: a password.
Ultimately, prevention needs to happen at all levels of an organisation and taking these steps will help to reduce the risk of a data breach.
Further to that, managing your supply chain security is paramount to ensuring your systems remain secure. Asking the right questions of your supply chain and monitoring potential risk ensures you have more visibility of any vulnerabilities in order to mitigate a breach. Find out how our supply chain security services can help you.
If you are trying to clarify whether you are at risk of a data breach, or want to discuss what your business needs in order to prevent a breach, we can help. Contact us for a no-obligation chat.