Data breaches get a lot of attention and are a constant source of stress for IT and executive management. And there are a lot of articles about “preventing” data breaches. But, we need to be realistic – is preventing a data breach even possible?
Most security experts agree there is no single solution that provides ironclad protection against cyber attacks and data breaches, especially when the threats are constantly evolving.
The reality is, prevention is really about limiting exposure and risk through multi-layered security practices.
To understand how to reduce risk, let’s look at what a data breach is, where your data lives, and several common causes.
What is a data breach?
In its most elemental form, a data breach occurs any time confidential information ends up in the wrong hands outside of your organization, and can be used for nefarious purposes against the company and/or its customers.
The most common targets for a breach are:
– Company records, often to be sold on the dark web or held for ransom.
– Financial information, to enable fraudulent purchase of goods through the business.
– Customer data, to sell on the dark web to create false identities, and to fraudulently buy goods in customers’ names.
Where does your data live (and travel)?
Data is both digital and physical. Knowing where your data “lives” helps define the strategies and defences you need to protect it.
Digital data is vulnerable to cyber attacks, and the vast majority of threats originate from external sources. Attacks have also been known to come from disgruntled employees or supply chain partners with authorized network access.
Businesses with on-premises IT infrastructure need a robust firewall and user authentication features to keep information secure. Data stored on file servers and in document management systems (a.k.a. data at rest) should be encrypted and password protected. Businesses using cloud-based solutions need to take the extra step of protecting data streams during upload, download, and email transmission (a.k.a. data in transit).
Physical or printed data (also data at rest) is similarly exposed to risks. Printed documents, such as company financial records, payroll reports with employee SIN numbers, customer mailing lists, or a new product launch plan, may be too tempting for prying eyes to pass up when left unattended on a desk or in a printer exit tray. In this scenario, having a secured printing solution is a good idea to help mitigate risk.
Causes of data breaches
We often think of most data breaches as digital events driven by external threats, like a database encrypted and held for ransom or a phishing attack. But as noted above, it can also be as simple as confidential documents being stolen.
A company may have been purposely targeted for an attack, but the actual trigger is almost always accidental or based on human error.
Also, consider that the threats are moving targets. While anti-virus software can monitor network traffic for identified threats, cyber criminals are constantly inventing new versions of malware that avoid detection until it’s too late.
For instance, phishing schemes can be as simple as an email that appears to come from someone’s address book – enough for them to forget security protocols and best practices, click open the email, and let the hacker in. So, everyone has to be on guard. Always.
How to prevent data breaches
As threats can come from anywhere and be disguised as anything, the best approach is a multi-layered cyber security strategy to minimize the chances of anything getting through.
All files stored in document management systems and file servers (data at rest) should be encrypted using strong data encryption tools. Implement secured methods of file transfer other than email for sharing critical information (data in transit).
DocuWare, for example, is a document management solution that enables organizations to securely save, store, manage, and share documents in an encrypted form so data remains inaccessible to all but authorized users.
Keep technology updated
Stay current with the latest security standards and patches for your network. Make sure your document management system (DMS) meets the compliance mandates pertinent to your industry, and use high-strength, auto-generated passwords.
Utilize print management solutions
Protect hardcopy versions of data with secured printing tools so that documents are released only to those with proper credentials. Reduce the incidents of stray documents left unattended in the output tray or picked up inadvertently by the wrong user.
Implement access controls
Besides prohibiting the use of shared usernames and passwords, consider adopting Identity and Access Management (IAM) technology. IAM is about implementing access control policies to ensure that authorized users have the appropriate level of access to technology resources.
IAM tools not only identify, authenticate, and control access for individuals who will be utilizing IT resources, but they also log the activities, hardware, and applications accessed by employees.
Identity and access management is implemented through various technologies, such as Single Sign-On (SSO) to reduce password sprawl, and Multi-Factor Authentication (MFA), in which users must prove their identity through at least three layers of authentication. There is also Conditional Access, which limits user access to certain times, geographical locations, or employee groups.
Install endpoint protection
Endpoints are PCs, data entry terminals, laptops and mobile phones, printers, scanners, and other IoT devices connected to the network. Left unprotected, these assets can be exploited to introduce viruses and malware into a network.
Ricoh’s Managed Security Services include 24/7 comprehensive endpoint monitoring and response. These solutions include static threat detection to identify known threats as well as behavioural threat detection to detect the latest threats. When suspicious activity is recognized, the endpoint is immediately isolated to minimize exposure, and authorities are alerted to the breach.
Boost your defences against ransomware
Ransomware is perhaps the most popular form of cyber attack. Immediate containment and isolation of infected devices, drives, and servers is imperative the moment an attack is detected. The fewer devices infected, the easier and faster disaster recovery will be – without paying the ransom.
RansomCare adds another layer of protection to existing network defences by using AI to monitor files and network traffic to search for tell-tale signs of ransomware attacks – even those that have not been identified and named yet.
Even better, RansomCare is agentless and requires no installation on individual endpoints. Rather than prevent ransomware from getting in (the purpose of your other defences), it stops any active attacks that do get through. So, when an employee is taken by surprise and clicks on a phishing email containing malicious code, the outbreak will be limited.
Monitor email attachments
Sometimes it’s not the email itself but an attachment that contains malicious code or instructions to automatically begin a download of malware.
Email-based threats are combatted using safe link and attachment detection technologies that automatically scan emails for malicious links in attachments. Suspicious attachments are then sandboxed for threat verification.
A solution such as Microsoft 365™ monitors email attachment integrity, automatically encrypts emails with sensitive information, and alerts end users to emails that originate from outside the organization.
Enable web filtering
Web filtering is achieved through DNS/IP domain-based filtering that references an extensive database of known malicious sites and sources of malware, blocking users from visiting or receiving information from those URLs. IT administrators can also enable filtering to prevent employees from accessing off-limits content through company networks.
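The domain-matching step of such a filter can be sketched as follows. This is an added example, not code from any product named on this page; the blocklist entries and sample queries are constructed, and the function names are hypothetical.

```python
# Added example: decide whether a DNS query should be refused by a domain filter.
# Blocklist entries are constructed; a real filter loads them from a threat feed
# and stores them already normalized (lower case, punycode, no trailing dot).
BLOCKLIST = {"malware-host.example", "phish.example.net"}

def normalize(host: str) -> str:
    """Lower-case, drop the trailing root dot, convert IDN labels to punycode."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        # Malformed names (empty or over-long labels) are compared as typed.
        return host

def matching_rule(host, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers host, or None if it is allowed.

    Matching is done on whole labels: a listed domain also covers all of its
    subdomains, but not unrelated names that merely end with the same text,
    and not its parent domain.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def filter_queries(queries, blocklist=BLOCKLIST):
    """Return (query, rule) for every query the filter would refuse to resolve."""
    return [(q, r) for q in queries if (r := matching_rule(q, blocklist))]

# Constructed sample of client queries.
SAMPLE_QUERIES = [
    "intranet.corp.example",
    "cdn.malware-host.example",   # subdomain of a listed domain
    "notmalware-host.example",    # shares a suffix, different domain
    "PHISH.example.net.",         # case and trailing dot must not bypass the rule
    "example.net",                # parent of a listed domain
]

if __name__ == "__main__":
    for host, rule in filter_queries(SAMPLE_QUERIES):
        print(f"BLOCK {host} (rule: {rule})")
```

Logging the rule that matched, not just the blocked name, makes it possible to review false positives when a listed domain turns out to host legitimate subdomains.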
Even with all of these technologies actively guarding your network, it turns out your first line of defence – your employees – can be your best defence.
It is essential that organizations clearly communicate to employees their policies and responsibilities for handling and printing company data, as well as the potential consequences of a breach.
Security awareness training equips employees with the knowledge they need to protect themselves and their organization’s assets from cyber threats. Every day, new cyber risks and unique data security challenges emerge. As such, every network user plays an increasingly important role in recognizing, avoiding, and preventing breaches.
Teach employees to use strong passwords, check the integrity of the sender’s email address, and look for spelling errors and poor grammar in a subject line before opening a message.
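The sender check taught here, and the external-sender alert described under "Monitor email attachments", can also be automated at the mail gateway. The following is an added example, not part of the original article or of any product it names; the organization domain, the finding labels, and the sample messages are constructed assumptions.

```python
# Added example: flag messages whose sender details deserve a second look.
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "corp.example"  # assumption: the organization's own mail domain

def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()

def is_internal(domain: str, org_domain: str) -> bool:
    # Exact match or a true subdomain; "evilcorp.example" must not pass.
    return domain == org_domain or domain.endswith("." + org_domain)

def assess_sender(raw_message: str, org_domain: str = ORG_DOMAIN) -> list:
    """Return a list of findings for the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    if not is_internal(from_domain, org_domain):
        findings.append("external-sender")
        # The display name is free text chosen by the sender; an external
        # message that shows the organization's domain there is suspicious.
        if org_domain in display.lower():
            findings.append("display-name-impersonates-org")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages.
SPOOFED = (
    'From: "jane.doe@corp.example" <jane@mail-corp.example.org>\n'
    "Reply-To: payments@freemail.example\n"
    "Subject: Updated banking details\n\nPlease see attached.\n"
)
LOOKALIKE = "From: Sam <sam@evilcorp.example>\nSubject: Hi\n\nHello.\n"
INTERNAL = "From: Sam <sam@corp.example>\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE),
                      ("internal", INTERNAL)]:
        print(name, assess_sender(raw))
```

These header checks complement, and do not replace, SPF, DKIM and DMARC validation performed by the receiving mail server.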
You may also want to ensure training for the handling of physical (paper) information, as well as proper phone etiquette, i.e., what to discuss and not discuss in public settings on a smartphone.
The bottom line in preventing data breaches
The bottom line is that there is no single solution that is going to provide 100% protection, 100% of the time against cyber threats. But by creating a multi-layered cyber security strategy that includes user education, endpoint protection, and a strong prevention and remediation strategy, you can mitigate the risk of your organization falling victim to a data breach.
Being prepared starts with intelligent cyber security services and solutions embedded into your core business processes. Build a resilient IT infrastructure, understand and manage your vulnerabilities and grow with confidence. See how Ricoh’s cyber security services can help.