Preventative Actions for a Data Breach
Published by Rob Carson on
Unfortunately, no organization is immune to a potential breach. Still, many actions can be taken to lower your chances of falling victim to a cybersecurity incident.
After all, “it wasn’t raining when Noah built the ark”!
- Only collect data that you actually need. As the saying goes: “less is more”; therefore, don't collect unnecessary information.
- Minimize data storage. Do not store the same information in multiple places unless you are deliberately making it part of disaster recovery.
- Limit data access. Share data on a need-to-know basis to reduce the chance of incidents; after all, the marketing intern does not need access to customers’ financial statements. The term 'least privilege' is very popular with the best cybersecurity practitioners.
- Solid, active compliance systems. Depending on the organization’s client base, there are compliance systems (such as ISO 27001, NIST 800-171 / CMMC, FedRAMP, etc.) to help better handle cyber threats. The strictly enforced policies and procedures act as a manual for all personnel.
- Ensure policies and procedures are kept up to date. As time goes on, management may change along with the execution of tasks.
- Develop an incident response plan. If an event or incident were to occur, do all employees know whom to contact and what actions to take?
- C-suite attitudes and engagement in cybersecurity. Network security should be taken very seriously, as this has been an issue for decades and has only grown over time. That said, if top management does not keep this at the top of their minds as a business threat, neither will their direct reports. Lead by example!
- Conduct annual security training(s). Do your employees know not to share login credentials? Best practices should be continuously emphasized. And, as policies and procedures are updated, personnel training must be as well.
The damage from a data breach can be extremely difficult to overcome. Depending on the severity, a breach can not only cost millions of dollars, but it could damage your entire reputation! Being proactive in securing your data is a must, especially if there is PII (personally identifiable information) at stake. Being known for great and continuously improving data security practices is a marketing asset!