Bracing for data breaches

Information technology experts know that with a highly connected world emerges more data breach threats, especially for business data.

To protect your databases, you need to plan ahead because in a large measure, “failing to plan is planning to fail” and such failure could cost an organization time, money, productivity and reputation.

Above the obvious advice that every employee should be allowed access to information on a need to know basis, namely through role-based controls, monitoring all systems (including the mobile devices) for data leaks help a great deal.

Here are a few things serious IT professionals can do to protect their businesses against all flavors of potentially damaging data breaches:

• Directly monitor financial databases to keep on top of unusual activities;
• Assess and remediate weaknesses to guard against unauthorized access (even with proper authentication);
• Audit user access and use of resources;
• Learn how users are using the databases to detect unauthorized activities;
• Check transaction authenticity (cross-check with the paper trail);
• Sollicit independent reviews to get that all important second opinion;
• Automate as many controls as possible to reduce manual audit errors;
• Make use of encryption to protect the information.

Remember that different types of businesses need to brace for different types of data breaches so keep in mind that what works well for your neighbor might not work as well for you.

In any business, there needs to be a response team which can take decisions when a breach is identified and that can go as far as shutting down all the database systems until the threat is properly dealt with. The general counsel should be part of that “emergency team” and proper training should be given so they understand the importance of dealing swiftly with a threat to prevent aggravated damages.

IT forensics teams can be called in to properly trace the source of an attack that has lead to a data breach. This team can conduct triage which can include heavy activity monitoring and the temporary deactivation of key services, until the threat is properly addressed.

It should also be mandatory for PR to be in on the action because you’d rather hear the bad news, in a controlled manner, from them than, say, the New York Times. Furthermore, in a case where customer data has been breached, they need to be properly presented with the facts.

Once the data breach is remediated, the organization must modify the business practices that allowed for such a breach to happen, in the first place. As always, preparation is key.

Tags: security, data breach, database breach, unauthorized access, user access, it audit, transaction authenticity, manual audits, automated controls, encryption, data protection, unusual activities, data monitoring