by Tim Sedlack
You can search anywhere on the Internet and someone will provide you with best practices for preventing a data breach. The reality is that despite policy implementations and other preventative measures, data breaches continue to occur to organizations of all sizes every year. While much attention is paid to breaches originating from external sources, breaches from internal sources, whether deliberate or accidental, cost businesses millions of dollars per year.
So who is the typical “culprit” of an accidental data breach? And what do you do when an accidental data breach comes from inside your organization? The costs are sky high and the “culprit” is likely an everyday employee who is unaware of what they have done.
The much-read (and probably even more frequently quoted) Verizon 2013 Data Breach Investigations Report shows that the larger the organization, the greater the threat of an insider data breach. The report cites more than 47,000 “reported security incidents” of all types, 69 percent of which were the result of internal breaches, with most “culprits” acting carelessly rather than maliciously. They can be systems administrators who make mistakes with security configurations during migrations, or IT administrators and others with privileged access to perform IT configurations who accidentally open up a firewall. Another potential internal breach can occur when a systems failure happens in the wee hours of the morning when the regular systems admins aren’t there, and someone else is asked to respond, someone who ends up accidentally changing out or disconnecting something. There is also the case where computer service vendors fail to restore security settings after performing maintenance on a system. Then, of course, there are thefts of laptops or smartphones that end up making the keys to the kingdom available to anybody.
So, what do you do after an accidental internal data breach? The following six actions will help you clean up after a breach and, perhaps, help ward off another one:
- Review and communicate your access policies to ensure you have clearly defined user and resource requirements. When breaches happen, go back and review policies and make sure everything is covered. This is a good opportunity to remind everybody about what they’ve agreed to as far as security goes. For example, did the system admin follow the right policy and have the right approvals when doing system maintenance? You also can add more teeth to your organization’s security policy, requiring employees to keep data on the network rather than their hard drive, giving IT greater control over who has access to data, and reducing the chance of a breach when a laptop is stolen.
- Validate that all information that is supposed to be protected is located in an area that is secured according to the policy. To keep your organization’s data as centralized as possible, have a policy that says take the data off the thumb drive and store it on the network. Reinforce that thumb drives or Dropbox data handling is frowned upon and jobs could be lost. Many employees commonly use Dropbox, but this puts your data out on another, possibly unsecure network, and the frequent outages and breaches that occur on public cloud services add yet another layer of complexity. Storing data in SharePoint on a private cloud storage site is a good alternative to using your own network, however.
- Remove any extraneous access from users who don’t need access, or don’t agree to support the access policies. Extraneous access happens when people change jobs across departments, for example, moving from sales to marketing, or from marketing to finance. They often still have access to things they shouldn’t have and don’t need anymore. Another example would be a super-user (a privileged Active Directory admin) who also has access rights for SQL Server and could accidentally change something that causes a problem. You may also have an employee who has simply found some way to obtain the access password to data they don’t need in order to do their job. Compliance, however, requires separation of duties based on role. A core component of compliance is that there are certain things to which you should and should not have access. To be in compliance, you have to prove that an employee who previously could access something outside their current role now cannot.
- Audit access to protected data and alert on any user
up an alert so the data owner is alerted when someone is granted access to the sensitive information that is the responsibility of that data owner. This will help you discover when an employee downloads sensitive documents onto their personal device and helps to prevent a data breach.
- Audit and alert on changes to permissions to access your
have the ability to prevent changes. If you want very few people to have access to the CEO’s inbox, or if you only want certain people to be able to go in and change sensitive information, such as credit card or patient information, set up an alert to tell you when someone makes changes to the permissions to access
- Create and review daily, weekly or monthly reports to ensure no improper access is unintentionally missed. You must be compliant 24 hours a day, 365 days each year, so it’s best to review reports on a daily basis. If you’re not looking at them daily, it could be too late to prevent a data breach.
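The auditing and alerting steps above (alert the data owner on a grant of access to sensitive data, alert on permission changes, and watch for patterns of changes) can be sketched as a small detection routine. This is an added example, not code from the article or from Dell Software; the resource names, data owners, event schema and burst threshold are constructed assumptions.

```python
"""Added example: audit access-grant and permission-change events for sensitive data.
All resources, owners and events below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: sensitive resources and the data owner responsible for each one.
SENSITIVE = {
    "mbx:ceo": "ceo-office@example.com",
    "db:patients": "privacy@example.com",
    "share:cardholder": "pci@example.com",
}
# Pattern rule (assumed threshold): this many permission changes by one actor in the window.
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)


def audit(events):
    """Return (severity, message) alerts for a list of audit events.
    Each event is a dict: ts (ISO 8601), actor, action, resource, target (optional)."""
    alerts = []
    changes_by_actor = defaultdict(list)  # actor -> timestamps of recent permission changes
    for ev in sorted(events, key=lambda e: e["ts"]):
        res, ts = ev["resource"], datetime.fromisoformat(ev["ts"])
        owner = SENSITIVE.get(res)
        if ev["action"] == "grant_access" and owner:
            # Step 4: the data owner is told whenever someone is granted access.
            alerts.append(("notify-owner", f"{owner}: {ev['actor']} granted {ev.get('target')} access to {res}"))
        elif ev["action"] == "change_permissions":
            if owner:
                # Step 5: any permission change on a sensitive resource is alerted.
                alerts.append(("high", f"{ev['actor']} changed permissions on sensitive resource {res}"))
            recent = [t for t in changes_by_actor[ev["actor"]] if ts - t <= BURST_WINDOW]
            recent.append(ts)
            changes_by_actor[ev["actor"]] = recent
            if len(recent) == BURST_COUNT:  # fire once, when the threshold is reached
                alerts.append(("pattern", f"{ev['actor']} made {BURST_COUNT} permission changes within {BURST_WINDOW}"))
    return alerts


# Constructed sample events: an on-call responder touching several resources at night.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T02:10:00", "actor": "oncall", "action": "change_permissions", "resource": "share:public"},
    {"ts": "2024-05-01T02:12:00", "actor": "oncall", "action": "grant_access", "resource": "mbx:ceo", "target": "jdoe"},
    {"ts": "2024-05-01T02:14:00", "actor": "oncall", "action": "change_permissions", "resource": "db:patients"},
    {"ts": "2024-05-01T02:15:00", "actor": "oncall", "action": "change_permissions", "resource": "share:hr"},
    {"ts": "2024-05-01T09:00:00", "actor": "admin1", "action": "change_permissions", "resource": "share:public"},
]

if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_EVENTS):
        print(f"[{sev}] {msg}")
```

The same routine can be run over a day's worth of exported events to produce the daily report the last step calls for.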
You can reduce and eliminate accidental internal data breaches, but you need to be conscientious about it. Tightening your access policies and combining them with a solution that proactively tracks and reports on vital configuration changes in real time, and sends an immediate alert when critical items are changed or when patterns of changes occur, will help your organization cut down on these types of accidental breaches. Best of all, you’ll save your organization significant dollars each year.
Tim Sedlack is the Senior Product Manager at Dell Software.