Tag Archives: Policies

The IT Checklist to Prevent Data Breach

A big part of data security is the proactive prevention of data loss, theft, and security breach, and it is always better to prevent these from happening instead of mitigating attacks.

Here is an IT checklist for organizations to go over to prevent breaches from happening. This checklist does not only cover the roles and responsibilities of IT personnel but more importantly, should be known by all employees or team members that have access to critical and confidential data of the company.

Examples of these data include intellectual property such as source codes, product design documents, internal price lists, corporate data such as financial and strategic planning documents, research for mergers and acquisitions, employee information, and customer data—social security numbers, credit card information or financial statements.

Best Practices to Prevent A Data Breach

1. Ensure strict documentation on changes.

Seventy percent of companies undermine the importance of documenting changes, putting most critical IT systems at risk of security violations and downtime according to the 2015 State of IT Changes survey.

This practice ensures that visibility across the entire IT infrastructure is kept and provides a complete audit trail of system activities and changes made.

The human factor is always the most vulnerable area in security and considering thorough documentation of user activity as a solution, reduces the risk of employees’ inadvertence or negligence.

2. Identify threats.

A part of your data security’s responsibility is to be updated with the latest threats to security. This can be done by correlating application security quality with global security intelligence.

Ensure that your users are alerted for potential breach methods along with updating your software and infrastructure accordingly.

The gateway to your data is through your applications. Attackers know these are a weak link, making them look for vulnerabilities in applications that provide access to sensitive data. Testing applications for security vulnerabilities reduces the risk of a data breach.

3. Be proactive when it comes to information protection.

The main point of data security is to protect company information while the main component of data security is knowing your data and who has access to it.

Privilege abuse is hard to detect, so restricting access to the company’s most confidential and sensitive data to those who need it and monitoring those with privileges will greatly help in ensuring that data stays protected.

Data minimization and access control is also a powerful element. Users shouldn’t collect or have information that they don’t need. IT security, as part of database management, should also reduce the number of places users can retain data in the network.

Access to sensitive data can also be on an “as needed” basis, with strict documentation of access control.

4. Implement security policies strictly and consistently.

Continuous auditing of data changes, user activities, system configurations, and security policies helps ensure critical mistakes don’t happen and areas don’t become vulnerable for breaches.

5. Audit and evaluate your environment and network security policies continuously.

Analytics that is generated from audits help detect security incidents and find the cause of each violation. It also provides proof when a company needs to pass compliance audits.

Look Beyond Your IT Security Department

To help ensure breaches are prevented, one must look beyond the IT security department by going beyond and evaluating other departments.

Evaluate employee exit strategies (HR department), remote project protocol (Operations), on and off-site data storage practices such as BYOB devices, among other things. Once you have evaluated policies, establish new or better policies and procedures and set up safeguards.

You should also hold vendors and partners to the same standards. Third-party service providers need to maintain the same level of security standards and deploy the same measures in compliance with your federal regulations.

As hackers get more and more sophisticated, the best thing that companies – no matter the size – can do is mitigate risks and set-up control measures. In a virtual world where it’s possible to be untraceable, the best protection is preparation.


7 Tips From The FBI To Prepare Your Firm For A Cyber Attack

“In the past, the FBI wanted to operate in the shadows, but today’s Bureau is very different” said Jay F. Kramer, Supervisory Special Agent, Federal Bureau of Investigation, Cyber Division, New York Office. In an effort to make the FBI more approachable, Kramer recently provided an overview of the cybersecurity activities of the FBI at an event before hundreds of attorneys.

How does the FBI operate?

The Bureau investigates violations of federal law and significant threats to national security, making it uniquely situated to deal with today’s cybersecurity issues. In addition to being a law enforcement agency, the FBI is also a member of the US intelligence community. FBI’s mission is primarily domestic with 56 field offices across the United States, but it also has offices in 87 countries and shares intelligence and threats coming from overseas by distilling it down and packaging it at the lowest level classification possible to push it out to victims. These overseas relationships enable the Bureau to quickly respond to cyber threats by gaining access to servers, logs and data to help unravel some of these complicated cyber matters from around the world. “When it comes to cybersecurity, you’re never very far from an FBI office and from an actual person that can speak to you about issues that you’re having” Kramer said.

Here are some of the cybersecurity issues that the FBI is seeing:

    • Hacktivists use computers, beyond lawful means, to make political statements. These statements are typically about business practices they disapprove of. For example, “Anonymous”, a well-known hacktivist group, can shut down websites and social media accounts of targeted firms and individuals.
    • The US and businesses are systematically attacked by hackers sponsored by foreign governments for terrorism or to gain a competitive advantage.
    • Criminal enterprises use cyber to perpetuate old schemes, such as extortion. In the old days, organized crime would threaten the business owner directly, “Hey, listen, you’re either going to pay me or something’s going to happen here. There’s going to be a fire, brick going through your window. You’re going to be hurt personally”. With the advent of encryption technology, criminals can now gain a compromising foothold to lock down your systems. “The bad guy holds the private key to unlock it” said Kramer. Nowadays, the business owner gets an email that says “If you don’t give me 100 bitcoin, I’m going to delete your data.” The FBI doesn’t take a position on whether to pay the money or not, although it’s unlikely that the business will be able to defeat the encryption. So, the choice is to either pay or rely on back up data.
  • There are fraudsters who want to steal your personally identifiable information (PII) to empty out your bank account. More and more however, data has a value all of its own. Bad actors will infiltrate databases of client data with email addresses, home addresses, and phone numbers of your clients, and use that data to fuel billion dollar criminal enterprises such as spam campaigns, such as pop-up ads for bogus Viagra or heart medication or stock manipulation, such as pump and dump campaigns. There’s a whole underground economy of promoters and bad actors, who work in tandem and who need PII as the fuel for those fraudulent campaigns.
  • Industrial espionage for competitive advantage such as stealing product information that requires years of research. “You’d be horrified if you saw how much data is leaving the US every day from scientific firms, research firms, industrial firms, government contractors” said Kramer.

In summary, Kramer provided 7 tips to prepare your firm for a cyber-attack:

  1. Understand what your network looks like, even after all the mergers, acquisitions, and consolidations. Create a map of your networks and prepare a list of devices on the network and users on the network.
  2. Back up your data routinely and store it offsite.
  3. Know where your most important data is being held. Think about where it should be held and the protocols to gain access to that information.
  4. Develop policies for cybersecurity. What policies govern the use of data and networks by employees? Train your employees on use polices. Define where your logs and data are being held. List applications running on the network, including applications developed in house.
  5. Be aware that bad actors could be already be in your system right now and have been for a long time. Make sure your IT departments are aware of updates and are patching vulnerabilities in your systems.
  6. Develop a response plan in the event of an attack. Have a plan to work with your attorneys, PR firm, your Board of Directors. Have a team of forensic experts and outside firms available.
  7. And finally, establish a relationship with your local FBI office today, before there’s a cyber-attack