
Data Breach Best Practices

December 13, 2017 by Aaron Thomas
Information Systems

It seems like data breaches are becoming more frequent. Large organizations can absorb the cost of these mishaps; small and medium businesses cannot. The average breach will cost a business over $6 million. Sixty percent of small businesses will be out of business within 6 months because of reputation loss and the cost to remediate. The 40% that survive follow these best practices on a regular basis:

1. Physical security – Ensure there are procedures to lock doors and to verify daily that they are locked. Do not leave servers or networking equipment accessible to everyone. Do not leave paper with confidential information on printers or unattended on desks. Track visitors within the office.

2. Firewall – Use a business-class firewall with good logging. Logging allows you to see all the activity in the event an incident occurs. The firewall should scan traffic for malware before it reaches the internal network, and provide web content filtering, two-factor authentication and VPN/SD-WAN capabilities.

3. Patching – All hardware and software needs patches and firmware updates applied on a regular basis. Manufacturers release updates as frequently as every hour. Microsoft releases updates every month. Once these updates are released, the entire world knows what is being fixed, and therefore which vulnerabilities unpatched systems still have.

4. Backup and Disaster Recovery – Have a well-documented plan to execute in the event of an incident. The faster the business can return to normal, and the less data lost, the better. Backups must get offsite daily. Onsite backups are handy to speed the recovery process. Cloud backups are standard these days; they perform the backup automatically without human intervention. Systems relying on tapes or hard drives should be upgraded.

5. Access control – Employ a good password policy, use a VPN and two-factor authentication, and deploy data loss prevention. Here is a website to test passwords: https://howsecureismypassword.net/ (test these examples – Blue23* vs. my favorite place is home). It is not about complexity, but about length.

6. Spam filter and Antivirus – Having email scanned for viruses and spam before it hits the network is a must these days. It protects from phishing and virus-laden emails. Antivirus is the canary in the coal mine. If the system is properly protected, the antivirus software should not be needed. However, if something gets through, it is invaluable.
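As an added illustration of the point in item 5 that length matters more than complexity, the Python below estimates the brute-force search space of the two sample passwords from that item; it is example code written for this page, not from the original post. The guess rate of 10^11 per second is an assumed figure, and the estimate counts exhaustive search only: a phrase made of common dictionary words has a smaller effective space against wordlist attacks than these numbers suggest.

```python
import math
import string

# Character classes used to size the brute-force search space.
CHARSETS = (
    string.ascii_lowercase,  # 26
    string.ascii_uppercase,  # 26
    string.digits,           # 10
    string.punctuation,      # 32
    " ",                     # 1, the space used in passphrases
)

# Assumed offline guessing rate (guesses per second); an assumption for
# this example, not a figure from the original post.
ASSUMED_GUESS_RATE = 1e11


def charset_size(password: str) -> int:
    """Sum the sizes of the character classes the password actually uses."""
    return sum(len(cs) for cs in CHARSETS if any(ch in cs for ch in password))


def brute_force_bits(password: str) -> float:
    """Bits of work for an exhaustive search over the classes in use."""
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str, rate: float = ASSUMED_GUESS_RATE) -> float:
    """Years needed to try every candidate at the given guess rate."""
    space = charset_size(password) ** len(password)
    return space / rate / (365 * 24 * 3600)


def compare(short_complex: str, long_simple: str) -> dict:
    """Report both estimates so the length-vs-complexity point is visible.

    Caveat: exhaustive search only. A phrase of common words is weaker
    against dictionary/wordlist attacks than these figures imply.
    """
    return {
        pw: {
            "length": len(pw),
            "charset": charset_size(pw),
            "bits": round(brute_force_bits(pw), 1),
            "years": years_to_exhaust(pw),
        }
        for pw in (short_complex, long_simple)
    }


if __name__ == "__main__":
    # The two examples from the post (constructed sample input).
    for pw, stats in compare("Blue23*", "my favorite place is home").items():
        print(f"{pw!r}: {stats}")
```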

The above best practices are a must for every organization. Larger organizations should also consider the following:

1. Vulnerability scanning – Regular vulnerability scanning helps identify weaknesses in the network and which hardware/software should be patched or upgraded.

2. Develop policies and procedures around a security framework – NIST, COSO, COBIT, etc. are popular frameworks on which security programs are built.

3. Tabletop simulations – Management comes together and walks through a simulated incident or disaster, testing the controls, disaster recovery plan, and continuity plan in place. This leads to building a more robust response plan.

If you have questions or need more information about any of the above please contact Aaron Thomas – aaron_thomas@copelandbuhl.com or 952-476-7183.