Best Practices to Prevent Data Breaches
Over the past decade, data security attacks have become increasingly prevalent due in part to risks around personal information being accessed from dispersed sources including social media networks, email, mobile applications, personal banking and online marketing. There is a growing awakening that critical data is at risk.
Because of the potential for monetary loss or damage to the credibility of an enterprise due to breakdown of its system or infrastructure, businesses have come to realize the importance of investing time and money on risk assessment to not only safeguard the company brand but mitigate monstrous financial losses caused through disaster or incident recovery. The following are some critical data security risk recommendations and best practices that can help companies and individuals protect their assets and operations:
- Reassess your email management. Use multiple email accounts to distribute your personal information to avoid being data theft from one source.
- Generate a robust, complex password. Although data breaches are out of your control, it is imperative to create a passwords that can endure attacks. Ideally, passwords should be at least 10 characters, and contain a combination of numbers, symbols, and uppercase and lowercase letters.
- Conceal your web browsing clickstream history. To protect against the efforts of marketing companies tracking your online behavior, configure your browser settings so that it blocks their efforts and delete your website history data on a routine basis.
- Back up data on a regular basis. The quickest way to backup files is to plug an external hard drive into your computer and copy the files to it. If you are connected to a network, you can also back up to a network drive on another computer. Make sure important data is always backed up first. Cloud services are a much more cost-effective solution for backups, and data can be restored promptly. As a caution, cloud services are potentially accessible by hackers so if you must entrust data to it, make sure it is encrypted.
- One routine mistake produced in database design is to display detailed, error messages whenever a process is not working. With this, a hacker can determine if a database is a potential victim for an injection attack by analyzing the error message in further detail. To avoid this, implement comprehensive testing scenarios to ensure database applications can immediately fall back into safe mode if a process behaves corrupt and deter any critical risk error messages being displayed.
- Engage an expert to collect and analyze quantitative and qualitative data security metrics across the workplace. These collected metrics should enrich the security procedures in place and provide value to the enterprise. Regular risk assessment is an excellent technique to measure and define security metrics to gain further insights and assess security status and position.
- A database index is a data structure used to improve a query’s execution time. By quantifying how long it takes for a particular database index to query a dataset, a hacker can leverage the structure of a database. To avoid this, do not deploy these indexes on datasets that are considered proprietary and confidential.
- Implementing user permissions is a key security requirement. Often, in a scramble to launch a database application, users are often assigned privileges that they should not have. These are the types of risks that hackers likely prey upon to gain masked access to a database. Permissions should only be distributed to essential personnel.
- Implement role-based permissions and capabilities. The information that resides in a database will be queried and accessed by many users. Appropriate levels of permissions need to be established at both the file and the sharing level. At the file level, read, write, and execute permissions, need be to be determined for various user roles with discretion. A temporary employee, or contract employee should not inherit these permissions.
- Data collaboration within the company and with third parties requires careful scrutiny. Views provide simple, granular security and restrict data that a user is authorized to examine. For example, with a customer table, a company may want to grant a salesperson access to a customer details including name and address data but withhold the credit card number. A view can be created that only include the data a salesperson requires.
- Continuously scan your network and email attachments for malware to avoid potential security threats.
- Boost security by implementing two-factor authentication that requires not only a password and username but also a piece of information only the user should be acquainted with, such as a personal identification number, password or a pattern.
- Biometrics can provide a supplementary layer of security. This technology verifies the identity of an individual by analyzing their unique physiological or behavioral features, such as fingerprints. Identification using biometric characteristics is preferred over traditional passwords and PIN-based methods because it requires an actual living person to be physically present at the time of identification. Identification based on biometric fingerprint scanning eliminates the need to remember a password or carry a secondary credential such as a credit card.
- Document recovery plans so that if there is a security attack, there are defined procedures in place, agreed by network administration, security staff, operations and application teams departments. These procedures should clearly detail what steps to take to minimize damage, including incident recovery, disaster recovery and contingency planning, and all team members listed should have clearly defined responsibilities.
- Segment your network data to avoid data security breach. This includes segmenting where critical data and sensitive data is stored, and using firewalls to restrict traffic and data access to and from those network segments.
- Employees should be periodically trained and educated regarding their roles and responsibilities in protecting data security. This will involve establishing defined practices and regulations that promote data security and training employees to identify and avoid workplace security risks.