Most businesses do not have a pre-defined strategy to follow when sensitive information is stolen from their systems. The complexities caused by data breaches are underestimated. Companies follow a fortress approach and use encryption, firewalls and proxies to keep intruders away from sensitive data. However, once a data breach has taken place, what counts is the work done prior to the breach. It would be very difficult to do much after the breach.
Companies need to plan ahead and be ready to answer the important question, “What do we do after a data breach?”, well ahead of time. Companies need to avoid data breaches, but if they find themselves in the unfortunate situation of a data breach, they should not underestimate the effects of the breach.
Remember that cyber attacks are not what they used to be a decade ago. They have evolved, but information governance programs have not changed much.
Triage and Mirage
It is an essential part of an information governance policy to make arrangements against data breaches. For an effective information governance policy, companies must have an all-inclusive understanding of their sensitive data, so that they can be proactive throughout the data breach. Knowing where sensitive data resides will prove to be very challenging, as companies have a lot of data in their network systems, but data breach readiness does not need an all-or-nothing approach.
There is no need to create a data map, as companies are bound to work at the content level to recognise things such as payment card information, personal health information, and personally identifiable information. When mission-critical information is used or updated, make certain that the data is placed in specific repositories with backup options as well as security provisions. Data masking, dual-factor authentication and strong passwords are significant security layers that can be used. Moreover, masking can scramble data in order to make social security numbers or credit card numbers invalid, acting as a deterrent and a trap against cyber attackers.
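As an added illustration (not part of the original article), the content-level recognition and masking described above can be sketched in Python. The patterns, function names and sample text are assumptions constructed for this example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US social security number in the common ddd-dd-dddd layout.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs (order ids, refs) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_keep_last4(value):
    """Replace every digit except the last four with 'X'; separators are kept."""
    n = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > n - 4 else "X")
        else:
            out.append(c)
    return "".join(out)

def scan_and_mask(text):
    """Return (masked_text, findings); findings are (kind, offset) pairs."""
    findings = []

    def on_ssn(m):
        findings.append(("ssn", m.start()))
        return mask_keep_last4(m.group())

    def on_card(m):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()                # fails checksum: leave untouched
        findings.append(("card", m.start()))
        return mask_keep_last4(m.group())

    # Masking preserves length, so offsets stay valid across both passes.
    text = SSN_RE.sub(on_ssn, text)
    text = CARD_RE.sub(on_card, text)
    return text, findings

# Constructed sample: a test card number, a sample SSN, and a non-card reference.
SAMPLE = "Order 1001: card 4111 1111 1111 1111, SSN 078-05-1120, ref 1234567890123456"

if __name__ == "__main__":
    print(scan_and_mask(SAMPLE))
```

The Luhn check keeps the scanner from masking ordinary 16-digit identifiers, which is why the reference number in the sample is left as it is.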
Careful Data Sharing
Controlling user access privileges to data repositories is as important as data breach preparedness. File sharing improves collaboration and efficiency, but it exposes the data to potential breaches and makes it accessible to all, including unauthorised people. File shares are one of the least secure locations in the network, as permissions are not strictly enforced in many cases. At times, file shares are made available to everyone by default, allowing everyone in the company to access those files.
Permission forms, compensation statements, account numbers, customer records and HR records could easily be exposed to the wrong person if shares are not properly set up. Therefore, caution should be exercised when file sharing is set up, including the ability to automatically purge files after a period of time.
Manual or Automated Approach
Though breach preparedness appears to be a straightforward procedure, businesses need to understand both the automated scanning approach and the human approach. If AI and scanning technology are used on computers that are not connected within the network, they can allow companies to lock down, move or find sensitive files. Obviously, you cannot trust all employees, and as a result, the likelihood of an insider threat is much higher than that of an outsider threat.
Despite this, employees play a central role in breach preparedness, and they should therefore be given regular training to cope with various situations. Companies need to arrange training courses for new employees and refresher courses for experienced staff.
In the long run, awareness and education help people understand how and when shadow IT (cloud storage and restricted access to data) can be used. While working on an information breach preparedness plan, organisations should adopt a careful attitude so that employees cannot use shadow IT and other risky applications inappropriately.
During and after a data breach, experienced and qualified employees are expected to perform their jobs immediately. If email is not accessible due to a data breach, users often turn to Gmail, Google Drive, or other public email clients to continue business activities, though this is not recommended. Company management is responsible for informing employees not to use any third-party system while the company’s servers are down because of the breach.