Preventing Data Breaches: Is it Possible?
by Rob Pope and Neil Schaaf
Strategies and best practices to minimize risk
Data breaches get a lot of attention and are a constant source of stress for IT and executive management. And there are a lot of articles about “preventing” data breaches. But, we need to be realistic – is preventing a data breach even possible?
Most security experts agree there is no single solution that provides ironclad protection against cyberattacks and data breaches, especially when the threats are constantly evolving.
The reality is, prevention is really about limiting exposure and risk through multi-layered security practices.
To understand how to reduce risk, let’s look at what a data breach is, where your data lives, and several common causes.
What is a data breach?
In its most elemental form, a data breach occurs any time confidential information ends up in the wrong hands outside of your organization and can be used for nefarious purposes against the company and/or its customers.
The most common targets for a breach are:
Company records, often to be sold on the dark web or held for ransom.
Financial information, to enable fraudulently purchasing goods through the business.
Customer data, to sell on the dark web to create false identities, and to fraudulently buy goods in customers’ names.
Where does your data live (and travel)?
Data is both digital and physical. Knowing where your data “lives” helps define the strategies and defenses you need to protect it.
Digital data is vulnerable to cyberattack. The vast majority of threats originate from external sources, although attacks have been known to come from disgruntled employees or supply chain partners with authorized network access.
Businesses with on-premises IT infrastructure need a robust firewall and user authentication features to keep information secured. Data stored on file servers and in document management systems (a.k.a. data at rest) should be encrypted and password protected. Businesses using cloud-based solutions need to take the extra step of protecting data streams during upload, download, and email transmission (a.k.a. data in transit).
Physical or printed data (also data at rest) is similarly exposed to risk. Company financial documents, a payroll report with Social Security numbers, a customer mailing list, or new product launch plans left sitting unattended on a desk or in a printer exit tray might be too tempting for prying eyes to pass up. Secured printing solutions are a good idea to mitigate risk.
Causes of data breaches
We often think of most data breaches as criminal digital events driven by external threats: a database encrypted and held for ransom, a phishing attack, snooping on an unsecured conference call. But as noted above, it can also be as simple as a piece of paper walking out the door.
A company may have been purposely targeted for an attack, but the actual trigger is almost always accidental.
Nobody plans on opening an infected email, no one chooses to get hacked, employees don’t purposely leave patient test results in the printer tray overnight. We’re human. We make mistakes.
Also, consider that the threats are moving targets. While anti-virus software can monitor network traffic for identified threats, cybercriminals are constantly inventing new versions of malware that avoid detection until it’s too late.
For instance, one of the latest phishing schemes is a simple “Look who died!” email that appears to come from someone in your address book or a high school reunion website.
The shock value and pure curiosity of such a short message may be enough for someone to forget protocols if only for a second, and click, the hacker is in.
So, everyone has to be on guard. Always.
How to prevent data breaches
As threats can come from anywhere and be disguised as anything, the best approach is a multi-layered security strategy to minimize the chances of anything getting through.
All files stored in document management systems and file servers (data at rest) should be encrypted using strong data encryption tools. Implement secured methods of file transfer other than email for sharing critical information (data in transit).
DocuWare, for example, is a document management solution that enables organizations to securely save, store, manage, and share documents in an encrypted form so data remains inaccessible to all but authorized users.
Keep technology updated
Stay current with the latest security standards and patches for your network. Make sure your document management system (DMS) complies with HIPAA, GDPR, Sarbanes-Oxley, SOC 2, or any other compliance mandates pertinent to your industry. Use high strength, auto-generated passwords. When your ISP or CSP recommends installing a security update, do it ASAP.
Implement access controls
Besides prohibiting the use of shared usernames and passwords, consider adopting Identity and Access Management (IAM) technology. IAM is about implementing access control policies to ensure that authorized users have the appropriate level of access to technology resources.
IAM tools not only identify, authenticate, and control access for individuals who will be utilizing IT resources, but they also log the activities and the hardware and applications accessed by employees.
Identity access management is implemented through various technologies such as StreamLine NX, as well as Single Sign-On (SSO) to reduce password sprawl; Multi-Factor Authentication (MFA), in which users must prove their identity through at least 3 layers of authentication; and Conditional Access, which limits user access to certain times, geographical locations, or employee groups.
Our Identity Access Management (IAM) service delivers these capabilities and more to reduce risk. Once deployed, employees, customers, and partners will find it easier – and more secure – to access multiple cloud apps and company resources from a wide range of devices, anywhere, at any time.
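To make the Conditional Access idea concrete, here is an added example (not code from Ricoh or any IAM product) of a policy check that combines the three conditions named above: time, geographical location, and employee group. The Policy and Request types, the sample policy values, and the deny-on-unknown behavior are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Policy:                      # hypothetical policy shape
    allowed_groups: frozenset
    allowed_countries: frozenset   # ISO 3166-1 alpha-2 codes
    window_start: time             # local to policy_tz
    window_end: time
    policy_tz: timezone

@dataclass(frozen=True)
class Request:                     # hypothetical sign-in request
    user: str
    groups: frozenset
    country: Optional[str]         # None means geolocation failed
    when: datetime                 # expected to be timezone-aware

def in_window(t, start, end):
    """True if t is in [start, end); also handles windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def evaluate(policy, req):
    """Return (allowed, failed_conditions). All conditions must pass; unknowns deny."""
    failed = []
    if not (req.groups & policy.allowed_groups):
        failed.append("group")
    if req.country is None or req.country.upper() not in policy.allowed_countries:
        failed.append("location")
    if req.when.tzinfo is None:
        failed.append("time")      # naive timestamps are ambiguous: fail closed
    else:
        local = req.when.astimezone(policy.policy_tz).time()
        if not in_window(local, policy.window_start, policy.window_end):
            failed.append("time")
    return (not failed, failed)

# Constructed sample policy: finance staff, from the US or Canada, 07:00-19:00 at UTC-5.
POLICY = Policy(frozenset({"finance"}), frozenset({"US", "CA"}),
                time(7, 0), time(19, 0), timezone(timedelta(hours=-5)))
```

Returning the list of failed conditions alongside the decision gives the IAM activity log something specific to record for each denied sign-in.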
Install endpoint protection
Endpoints are PCs, data entry terminals, laptops and mobile phones, printers, scanners, and other IoT devices connected to the network. Left unprotected, these assets can be exploited to introduce viruses and malware into a network.
Our Managed Security Services includes 24/7 comprehensive endpoint monitoring and response. Cutting-edge solutions include static threat detection to identify known threats as well as behavioral threat detection to detect the latest threats. When suspicious activity is recognized, the endpoint is immediately isolated to minimize exposure and authorities are alerted to the breach.
Boost your defenses against ransomware
Ransomware is perhaps the most popular form of cyberattack. When it happens, infected devices, drives, and servers must be contained and isolated the moment the attack is detected. The fewer devices infected, the easier and faster disaster recovery will be – without paying the ransom.
RansomCare adds another layer of protection to existing network defenses by using AI to monitor files and network traffic to search for tell-tale signs of ransomware attacks – even those that have not been identified and named yet.
Even better, RansomCare is agentless and requires no installation on individual endpoints. Rather than prevent ransomware from getting in (the purpose of your other defenses), it stops any active attacks that do get through. So, when an employee is taken by surprise and clicks on the “Look who died!” phishing email containing malicious code, the outbreak will be limited.
Monitor email attachments
Sometimes it’s not the email itself but an attachment that contains malicious code or instructions to automatically begin a download of malware.
Email-based threats are combatted using safe link and attachment detection technologies that automatically scan emails for malicious links in attachments. Suspicious attachments are then sandboxed for threat verification.
A solution such as Microsoft 365™ monitors email attachment integrity, automatically encrypts emails with sensitive information, and alerts end users to emails that originate from outside the organization.
Enable Web Filtering
Web filtering is achieved through DNS/IP domain-based filtering that references an extensive database of known malicious sites and sources of malware, blocking users from visiting or receiving information from those URLs. IT administrators can also enable filtering to prevent employees from accessing off-limits content such as gambling or adult websites through company networks.
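The lookup behind domain-based filtering can be sketched as follows. This is an added example, not code from any filtering product: the catalogue entries are constructed, and the function and variable names are hypothetical. It shows the two details that matter in practice: a listed domain must also cover its subdomains, and matching must happen on label boundaries so that a different domain that merely ends in the same characters is not blocked.

```python
# Constructed sample catalogue: domain -> category (reserved .example names).
CATALOGUE = {
    "malware-host.example": "malware",
    "login-verify.example": "phishing",
    "casino.example": "gambling",
    "chat.example": "social",
}
# Categories the administrator has chosen to block (assumed policy).
BLOCKED_CATEGORIES = {"malware", "phishing", "gambling", "adult"}

def normalize(host):
    """Lower-case, drop the trailing root dot, convert to ASCII (IDNA) form."""
    host = host.strip().rstrip(".").lower()
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:           # empty or over-long label, invalid characters
        return None
    return host or None

def filter_decision(host):
    """Return ("block", category) or ("allow", None) for a queried hostname."""
    name = normalize(host)
    if name is None:
        return ("block", "invalid-name")   # fail closed on malformed names
    labels = name.split(".")
    # Check the full name, then each parent domain, so a listed domain also
    # covers its subdomains. Joining whole labels keeps "notcasino.example"
    # from matching "casino.example".
    for i in range(len(labels)):
        category = CATALOGUE.get(".".join(labels[i:]))
        if category in BLOCKED_CATEGORIES:
            return ("block", category)
    return ("allow", None)
```

In a deployment this decision would sit in the DNS resolver or web proxy, with the catalogue supplied by a maintained threat feed rather than a hard-coded dictionary.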
Even with all of these technologies actively guarding your network, it turns out your first line of defense – your networked employees – is your best defense.
It is essential that organizations clearly communicate to employees their policies and responsibilities for handling and printing company data, as well as the potential consequences of a breach.
Security awareness training equips employees with the knowledge they need to protect themselves and their organization’s assets from cyber threats. Every day, new cyber risks and unique data security challenges emerge. As such, every networked user plays an increasingly important role in recognizing, avoiding, and preventing breaches.
Teach employees to use strong passwords, to check the integrity of the sender’s email address, and to look for spelling errors and poor grammar in a subject line before opening a message.
You also want to ensure training covers the handling of physical (paper) information, as well as proper phone etiquette, i.e., what to discuss and not discuss in public settings on a smartphone.
The bottom line in preventing data breaches
The bottom line is that there is no solution that is going to provide 100% protection 100% of the time against cyber threats known and unknown. But by weaving an intricate web of cyber defenses and employee education, organizations can minimize the risk of falling victim to a data breach.
Want to learn more about how to avoid a data breach or implement enterprise-wide output management solutions? The security experts at Ricoh are at your service.
Rob Pope, Senior Product Manager - Security, has over 20 years of industry experience at Ricoh, holding various pre-sales positions while working with numerous Global and Fortune 500 companies. He has held his CISSP® certification since 2008 and counsels customers on the security aspects of their device, document, and network workflows. In his current role, Rob focuses on the security features and functionality of Ricoh-engineered devices, software solutions, and services.
Neil Schaff, Cybersecurity Product Manager, has worked as a product manager in electronics manufacturing in Japan and China for 3 years and has transitioned to the cyber security industry as a product manager at Ricoh. He oversees market release of Ricoh’s cyber security services and is an internal spokesperson for new Ricoh cyber security services.