Essential Data Breach Protection Tips
What is a data breach? A data breach is when sensitive, protected, or confidential information is exposed to …
FACT: The average cost of a data breach in 2023 was USD 4.45 million, which is a 15% increase over the previous three years. (IBM)
Beyond the financial cost, data breaches can have significant consequences on your business.
They can disrupt business operations, erode customer trust, and damage your reputation.
To help protect your organization, here are the top 20 data security best practices you need to implement:
Contents
1. Implement A Strong Password Policy
Require complex passwords with a minimum length of 12 characters. Do not enforce periodic password updates.
These encourage users to simply rotate a single character when updating the password (e.g. SuperSecret1 to SuperSecret2). There should be no password composition rules defining the type of characters permitted.
There also should be no requirement for upper or lower case or numbers or special characters. Use a data breach monitoring service to check passwords against known breached passwords. Finally, employees should use a password manager to generate unique passwords for each login.
2. Enable Multi-Factor Authentication (MFA)
Deploy MFA across all systems and applications, especially for remote access and privileged accounts. This adds an extra layer of security beyond passwords.
Multi-Factor authentication significantly reduces the risk of unauthorized access even if a user’s credentials are compromised. Having said that, if the victim has infostealer malware installed, an attacker can bypass MFA using a valid session token.
3. Regular Security Training
Conduct security awareness training for all employees at least quarterly.
Cover topics like phishing recognition, social engineering tactics, safe browsing habits, and proper data handling procedures.
Include real-world examples and interactive exercises to improve engagement and retention.
4. Encrypt Data at Rest and in Transit
Use industry-standard encryption protocols for all sensitive data. This applies whether the data is stored on servers or transmitted across networks.
Implement TLS 1.3 for data in transit and AES-256 encryption for data at rest. Obviously technologies change so regularly review and update encryption methods to maintain effectiveness.
5. Implement Access Control
Apply the principle of least privilege (PoLP) by limiting user access to only the resources necessary for their role. Regularly review and update access permissions, especially when employees change roles or leave the organization.
Document all access changes. This makes auditing permissions much easier.
6. Regular Software Updates and Patch Management
Create a systematic approach to apply software updates and security patches. Implement automated patch management systems where possible.
Maintain a regular schedule for manual updates where required. Always test patches in a controlled environment before deployment to production systems.
7. Backup Data Regularly
Follow the 3-2-1 backup rule: maintain three copies of data, store them on two different types of media, and keep one copy offsite.
Regularly test backups to make sure the data can be recovered when needed.
Always encrypt backup data and properly secure physical backup media.
8. Network Segmentation
Divide networks into separate segments based on security requirements and access needs. Use firewalls and access controls between segments to contain potential breaches.
This helps limit the spread of an attack. Finally, always isolate critical systems and sensitive data. These should be in their own secure network zones.
9. Incident Response Planning
Develop and maintain an incident response plan. Include procedures for identifying, containing, and recovering from security incidents.
Regularly test the plan through tabletop exercises to make sure the plan is effective and that everyone understands their roles and responsibilities. Update the plan based on lessons learned.
10. Security Monitoring and Logging
Configure systems to log all activities and security events. During an incident, the logs will contain the clues needed to understand how the breach happened and the extent of the breach.
Note, most web servers only log GET requests. This leaves you blind to payloads sent using POST requests.
Make sure you have visibility into these as well. Use a SIEM (Security Information and Event Management tool) as the central repository to collect and analyze all of your logs.
Before an incident, establish what baseline behavior looks like. Then configure the SIEM to alert on anomalies that could indicate a security incident.
11. Vendor Security Assessment
Evaluate the security practices of your third-party vendors who have access to your systems or data. Establish minimum security requirements for vendors.
When initially creating the relationship, include these security provisions in the contract. Don’t forget to regularly review your vendor compliance with your requirements.
12. Mobile Device Security
Implement MDM (Mobile Device Management) solutions for all company-owned and BYOD devices. Enforce device encryption, remote wipe capabilities, and automatic screen locks.
Restrict app installations to approved sources. As threats evolve, regularly update your organization’s mobile security policies.
13. Cloud Security Configuration
Properly configure cloud services with security in mind. Use cloud security posture management tools to monitor configurations and detect misconfigurations.
Implement proper access controls and encryption for cloud-stored data. Enable detailed audit logging across all cloud services.
Implement automated alerting for suspicious activities like unusual API calls or data transfers. Pay special attention to Identity and Access Management (IAM) permissions.
Overly permissive roles are one of the most common paths to cloud breaches. Regularly scan container images and serverless functions for vulnerabilities.
Finally, ensure all cloud storage buckets are configured with appropriate access controls to prevent data exposure.
14. Physical Security Measures
Secure physical access to data centers and offices. Use access cards, security cameras, and visitor logs.
Implement a clean desk policy to help reduce the chances of sensitive data being accidently left around. Ensure that physical documents containing sensitive information are disposed of properly.
15. Regular Security Assessments
Conduct regular security assessments, including vulnerability scanning and penetration testing. Prioritize remediation based on the risk level and impact of the vulnerabilities found.
16. Attack Surface Management
Continuously monitor your organization’s attack surface. Your attack surface is all the potential entry points that attackers could exploit.
This includes visible assets (like public-facing websites, IP addresses, and cloud resources), shadow IT, and forgotten systems. Implement automated discovery tools to maintain an up-to-date inventory of your internet-exposed assets.
17. Data Classification and Handling
Implement a data classification system to identify and properly protect different types of sensitive information. Data should be classified into four tiers: Public, Internal Use Only, Confidential, and Restricted.
For example, marketing materials would be Public, internal directories would be Internal Use, customer lists would be Confidential, and source code would be Restricted. Each tier requires specific handling protocols that become progressively stricter as sensitivity increases.
Public data can be freely shared while restricted data requires strong encryption, limited access, and secure deletion. Define handling procedures for each data classification level. Train employees on proper data handling procedures and regularly audit compliance.
18. Secure Development Practices
Incorporate security into the software development lifecycle (SDLC).
Use secure coding practices, conduct code reviews, and perform security testing before deploying code to production.
Maintaining separate development, testing, and production environments makes testing code changes easier.
19. Email Security
Implement an email filtering solution to protect against phishing, spam, and malware. Use email encryption for sensitive communications.
Consider using ephemeral messages for highly sensitive content. Train employees on email security best practices and how to identify suspicious messages.
20. Zero Trust
Implement a Zero Trust security model that operates on the principle of “never trust, always verify”. In other words, require strict verification of every person and device trying to access resources.
This should happen regardless of their location or network connection. Deploy micro-segmentation to limit lateral movement within the network.
Ensure that compromised credentials can’t be used to access resources beyond what’s strictly necessary. Implement continuous monitoring and verification of all access attempts.
Use contextual factors like device health, user behavior, and resource sensitivity to make access decisions. Treat internal networks with the same security scrutiny as external ones.
How Breachsense can help
According to the Verizon Data Breach Investigations Report, 86% of breaches use stolen credentials. From an attacker’s perspective, exploiting leaked usernames and passwords is clearly the simplest way for them to gain access to your network.
To make matters worse, according to the IBM Cost of a Data Breach Report, it takes organizations an average of 204 days to identify a breach. Even then, in 67% of cases, the breach is reported to the organization by a benign third party or by the attackers themselves.
If you need real-time visibility into your breached data, book a demo to see how Breachsense can help.
