Preventing Data Breaches: Is it Possible?

Data breaches get a lot of attention and are a constant source of stress for IT and executive management. And there are a lot of articles about “preventing” data breaches. But, we need to be realistic – is preventing a data breach even possible?

Most security experts agree there is no single solution that provides ironclad protection against cyberattacks and data breaches, especially when the threats are constantly evolving.

The reality is, prevention is really about limiting exposure and risk through multi-layered security practices.

To understand how to reduce risk, let’s look at what a data breach is, where your data lives, and several common causes.

What is a data breach?

In its most elemental form, a data breach occurs any time confidential information ends up in the wrong hands outside of your organization and can be used for nefarious purposes against the company and/or its customers.

The most common targets for a breach are:

• Company records, often to be sold on the dark web or held for ransom.

• Financial information, to enable fraudulently purchasing goods through the business.

• Customer data, to sell on the dark web to create false identities, and to fraudulently buy goods in customers’ names.

Where does your data live (and travel)?

Data is both digital and physical. Knowing where your data “lives” helps define the strategies and defenses you need to protect it.

Digital data is vulnerable to cyberattack. The vast majority of threats originate from external sources, although attacks have been known to come from disgruntled employees or supply chain partners with authorized network access.

Businesses with on-premises IT infrastructure need a robust firewall and user authentication features to keep information secured. Data stored on file servers and in document management systems (a.k.a. data at rest) should be encrypted and password protected. Businesses using cloud-based solutions need to take the extra step of protecting data streams during upload, download, and email transmission (a.k.a. data in transit).

Physical or printed data (also data at rest) is similarly exposed to risk. Company financial documents, a payroll report with Social Security numbers, a customer mailing list, or a new product launch plans left sitting unattended on a desk or in a printer exit tray might be too tempting for prying eyes to pass up. Secured printing solutions are a good idea to mitigate risk.

Causes of data breaches

We often think of most data breaches as criminal digital events driven by external threats; a database encrypted and held for ransom, a phishing attack, snooping on an unsecured conference call. But as noted above, it can also be as simple as a piece of paper walking out the door.

A company may have been purposely targeted for an attack, but the actual trigger is almost always accidental.

Nobody plans on opening an infected email, no one chooses to get hacked, employees don’t purposely leave patient test results in the printer tray overnight. We’re human. We make mistakes.

Also, consider that the threats are moving targets. While anti-virus software can monitor network traffic for identified threats, cybercriminals are constantly inventing new versions of malware that avoid detection until it’s too late.

For instance, one of the latest phishing schemes is a simple “Look who died!” email that appears to come from someone in your address book or a high school reunion website.

The shock value and pure curiosity of such a short message may be enough for someone to forget protocols if only for a second, and click, the hacker is in. 

So, everyone has to be on guard. Always.

How to prevent data breaches

As threats can come from anywhere and be disguised as anything, the best approach is a multi-layered security strategy to minimize the chances of anything getting through.

Encrypt everything

All files stored in document management systems and file servers (data at rest) should be encrypted using strong data encryption tools. Implement secured methods of file transfer other than email for sharing critical information (data in transit).

DocuWare, for example, is a document management solution that enables organizations to securely save, store, manage, and share documents in an encrypted form so data remains inaccessible to all but authorized users.

Keep technology updated

Stay current with the latest security standards and patches for your network. Make sure your document management system (DMS) complies with HIPAA, GDPR, Sarbanes-Oxley, SOC 2, or any other compliance mandates pertinent to your industry. Use high strength, auto-generated passwords. When your ISP or CSP recommends installing a security update, do it ASAP.

Implement access controls

Besides prohibiting the use of shared usernames and passwords, consider adopting Identity and Access Management (IAM) technology. IAM is about implementing access control policies to ensure that authorized users have the appropriate level access to technology resources.

IAM tools not only identify, authenticate, and control access for individuals who will be utilizing IT resources, but they also log the activities and the hardware and applications accessed by employees.

Identity access management is implemented through various technologies such as the aforementioned StreamLine NX, as well as Single Sign-on (SSO) to reduce password sprawl, Multi Factor Authentication (MFA), in which users must prove their identity through at least 3 layers of authentication, or Conditional Access, which limits user access to certain times, geographical locations, or employee groups.

Our Identity Access Management (IAM) service delivers these capabilities and more to reduce risk. Once deployed, employees, customers, and partners will find it easier – and more secured – to access multiple cloud apps and company resources from a wide range of devices, anywhere, at any time.

Related Content

Article: What is Identity & Access Management?

Install endpoint protection

Endpoints are PCs, data entry terminals, laptops and mobile phones, printers, scanners, and other IoT devices connected to the network. Left unprotected, these assets can be exploited to introduce viruses and malware into a network.

Our Managed Security Services includes 24/7 comprehensive endpoint monitoring and response. Cutting-edge solutions include static threat detection to identify known threats as well as behavioral threat detection to detect the latest threats. When suspicious activity is recognized, the endpoint is immediately isolated to minimize exposure and authorities are alerted to the breach.

Boost your defenses against ransomware

Ransomware is perhaps the most popular form of cyberattack. When it happens, immediate containment and isolation of infected devices, drives, and servers is imperative the moment it is detected. The fewer devices infected, the easier and faster disaster recovery will be – without paying the ransom.

Bullwall Ransomware Containment adds another layer of protection to existing network defenses by using AI to monitor files and network traffic to search for tell-tale signs of ransomware attacks – even those that have not been identified and named yet.

Even better, Ransomware Containment is agentless and requires no installation on individual endpoints. Rather than prevent ransomware from getting in (the purpose of your other defenses), it stops any active attacks that do get through. So, when an employee is taken by surprise and clicks on the Look who died! phishing email containing malicious code, the outbreak will be limited.

Monitor email attachments

Sometimes it’s not the email itself but an attachment that contains malicious code or instructions to automatically begin a download of malware.

Email-based threats are combatted using safe link and attachment detection technologies that automatically scan emails for malicious links in attachments. Suspicious attachments are then sandboxed for threat verification.

A solution such as Microsoft 365™ monitors email attachment integrity, automatically encrypts emails with sensitive information, and alerts end users to emails that originate from outside the organization.

Enable Web Filtering

Web filtering is achieved through DNS/IP domain-based filtering that references an extensive database of known malicious sites and sources of malware, blocking users from visiting or receiving information from those URLs. IT administrators can also enable filtering to prevent employees from accessing off-limits content such as gambling or adult websites through company networks.

Employee Training

Even with all of these technologies actively guarding your network, it turns out your first line of defense – your networked employees – is your best defense.

It is essential that organizations clearly communicate to employees their policies and responsibilities for handling and printing company data, as well as the potential consequences of a breach.

Security awareness training equips employees with the knowledge they need to protect themselves and their organization’s assets from cyber threats. Every day, new cyber risks and unique data security challenges emerge. As such, every networked user plays an increasingly important role in recognizing, avoiding, and preventing breaches.

Teach employees to use strong passwords, to check the integrity of the sender’s email address, and look for spelling errors and poor grammar in a subject line before opening a message.

You all want to ensure training for the handling of physical (paper) information too as well as proper phone etiquette, ie., what to discuss and not discuss in public settings on a smartphone.

Related content

Article: 11 essential hacking terms

Article: How to avoid ransomware

The bottom line in preventing data breaches

The bottom line is that there is no solution that is going to provide 100% protection 100% of the time against cyber threats known and unknown. But by weaving an intricate web of cyber defenses and employee education, organizations can minimize the risk of falling victim to a data breach.