Unless you’re monitoring everything that goes on in your network and computer systems, it’s tough to figure out if you’ve been breached. Losing a sensitive file may not be obvious. If you lose your backup tapes or someone steals a laptop with sensitive information, then you should assume you have a problem.
Take the case of Providence Health & Services, which in 2005 had a laptop bag stolen from an employee’s car during the night. In the bag were a laptop, backup disks and tapes. According to the story, there were unencrypted records from about 365,000 patients on the disks and tapes. The thief was most likely after the laptop and had no interest in the disks and tapes. The thief probably tossed the backup devices into a dumpster. The company reported the theft to law enforcement and that’s when the wheels started turning.
Other breaches are detected because computer logs show something unusual, like a massive dump from a database or an unauthorized access to a system. But more often than not, undetected breaches are happening left and right. There are many monitoring and filtering solutions that address threats at the perimeter or on computers. Data loss prevention tools can detect possible breaches before the data gets past your firewall. Endpoint monitoring solutions can detect breaches at the PC level. These can detect some issues, but not all.
Unfortunately, you may not notice a data breach until someone releases your information. It may be done publicly, like on WikiLeaks or in a newspaper. Or you may not know at all. Take the case of a person leaving your company to take a new job. That person has lots of sensitive files on her laptop and decides to copy them to a hard drive at home. She leaves your employ and uses those files at her next job. How do you know that anything was taken? Maybe she took your customer list and starts poaching customers, or maybe she has your product design plans. Unless you catch her with the sensitive documents, it’s tough to prove any wrongdoing.
Here are 7 tips to help prevent a data breach:
- Only allow authorized access to computers and applications
- Keep portable devices and media in your possession or locked up at all times
- Do not forward confidential information from your work computer to a personal device
- Log off or lock computers when you walk away from them
- Do not share passwords with others
- Use a VPN when away from the office
- Do not print to a printer unless you retrieve the paper immediately
The best way to prevent a breach is to start by understanding what information is important and then put policies and procedures in place to limit access to that information. You need to understand how people interact with the information every day, since sharing and collaboration are key to most businesses. Follow that up with technology solutions to implement those policies. A policy that prevented employees from carrying backup tapes offsite and leaving them overnight in an unsecured location might have prevented the problems with Providence Health & Services.