With the recent upswing in COVID-19, many businesses have started to realize the benefits of moving their On Premises infrastructure entirely onto a major Cloud-based platform, such the AWS or Microsoft Azure. While this does have many advantages to it, one of the common problems that is coming out in the headlines are data leakages.
Data leakages can happen because of a malicious attack, or simply because a negligent employee has left the door wide open. No matter the cause, the critical thing you need to do is to act on it quickly and mitigate the risk of additional data falling into the wrong hands.
How can a business accomplish this? We will provide some to strategies in this article.
Strategies to Help Prevent Data Leakages
- Get a thorough understanding of your data. Unfortunately, when a CISO is asked what their data is all about, many of them simply cannot give an answer. The bottom line is that they just do not know. To avoid data leakages, one must have a firm understanding of the datasets that are being collected. Once there is a baseline understanding of the data, then a classification scheme should be established to rank datasets in terms of their importance and criticality. In a perfect world, all datasets should receive the same amount of attention, but due to limited resources, this is not a feasible solution. Therefore, based on how you have categorized your datasets, the most crucial ones should have the most controls associated with them, as well as constant monitoring.
- But don’t give all the attention to one type of dataset. Generally speaking, a company deals with three kinds of datasets:
- Data At Rest
- Data In Motion
- Data In Use.
Many organizations fall prey to thinking that all the protection should be given to the first category, because the common belief is that a Cyber attacker will target the databases first. While this is true to a certain extent, the second category needs just as much, or even more, attention. With the Remote Workforce now connecting remotely to the central server, any data in transit (or motion) can also be targeted by a malicious third party. To avoid this situation, the use of VPNs has now become the norm. While the use of VPNs has proven to be a great tool, it is showing signs of breakdown because it was simply not designed for so many people to be using it all at once. As a result, you should explore other, more sophisticated options that are coming out, such as the Next Generation Firewall, which is designed to handle a much higher volume workload.
- Select your vendors carefully. With businesses being quickly transformed into digital enterprises, the need to depend on vendors to help meet the demands of customers is now greater than ever before. Unfortunately, gone are the days when there was an implicit layer of trust between a business and their vendors. Today, you have to choose or “vet” those external third parties very carefully. After all, you will likely be sharing some highly confidential information and data with them. Therefore, you need to have a dedicated individual or team that is exclusively devoted to accomplishing this task. There is no doubt that this can be a laborious and time-consuming process. But keep in mind that you if your third-party vendor suffers a Cyberattack and some of your datasets fall into the wrong hands, you will be held responsible, not them. Furthermore, your business has now increased the odds of facing an audit by regulators, and harsh penalties imposed by the GDPR, CCPA, etc. As a result, the bottom line is that your vendor’s security practices and protocols should at least be on par with those of your company.
- Make use of Information Rights Management. With Information Rights Management (IRM) you place security protocols directly into a file itself, using encryption and tightened user permissions. Take the example of a database. Instead of just securing access to it, why not also implement other tools to protect the records that reside within the database? In doing so you maintain a very safe and secure versioning process, as your employees’ access and make changes to the database.
- Respond quickly. If you are ever hit by security breach, the first thing you (as the CISO) and your IT Security team should do is to put the fire out quickly and contain it from spreading further. This can only be done by having a rock-solid Incident Response (IR) plan in place. If your organization is large enough, you should probably have a dedicated IR team that can act as first responders. But keep in mind that simply creating this kind of plan is not a one-and-done deal. It must be practiced on a regular basis, with updates being made to it in real time.
- Passwords, Passwords, Passwords. Love ‘em or hate ‘em, the password will be the de facto standard for gaining access to shared resources and other types of classified information/data. Don’t think you can get away from this, because even if you have deployed a Zero Trust Framework, you will likely be using passwords as one layer of authentication. Therefore, the best advice here is to make mandatory the use of a very reputable password manager. This should apply to all employees, with no exceptions.
- Make sure to have Endpoint Security. This goes back to the concept of Data in Motion. Many businesses are typically concerned only with the network flow of communications but often disregard the points of origin and destination. Cyber attackers are aware of this and thus like to hang out at these endpoints until the time to strike is at hand. All of this can be avoided by simply implementing an EDR solution at these trigger points.
This article has described some tips that you can implement to help mitigate the risk of data leakage happening to your organization. However, this is not an all-inclusive list. The AWS and Microsoft Azure have their own set of security tools that you can make use of as well, as you create and launch your Cloud-based infrastructure.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.