With countless data breaches occurring even at sizable companies like Sony, Home Depot and Target, it’s evident that we need to better prepare and respond to data breaches. Preventive controls, such as anti-virus software, are not enough to stop breaches. Like alarm systems and locks, these measures help detect and deter but are not foolproof. The unfortunate truth is that as cyber-crime continues to become more sophisticated, we will be more vulnerable to data breaches if we don’t adapt to these threats. With that in mind, let’s shift the focus from prevention only to establishing controls that help you prepare for a breach and minimize its impact.
Here are five steps that can help:
Minimize password reuse. Use unique passwords so a stolen password from one account can’t be reused for another account. Where possible, strongly consider enabling multifactor authentication (MFA). These systems commonly work by requiring you to enter a unique PIN obtained from a portable device such as your mobile phone in addition to your password. Requiring two independent authentications makes it more difficult for your account to be hacked.
Encryption. Where feasible, enable encryption on your systems as well as any removable drives. If your equipment is stolen, the data isn’t useful to the criminals if they can’t access it. Both Apple and Microsoft are bundling encryption features into newer versions of their operating systems to enable full disk encryption of your system disk and removable drives. Apple offers FileVault 2 in OS X Lion or newer and Microsoft offers BitLocker in Windows Pro or Enterprise. You will need to enable this under your security settings. A word of caution: Be sure to fully back up your system before enabling this feature in case the system crashes due to a bug or power failure during the encryption process.
Off-site backups. I’m a strong advocate of off-site backups for your confidential data and precious files like family photos. It will give you more peace of mind in the event of a fire or flood, or if your device is stolen or locked out by ransomware. CrashPlan, BackBlaze and Bitcasa Infinite Drive are a few you may want to check out.
Data reduction. Save only what you need. Large organizations reduce the costs and scope of audits by removing unnecessary storage of data and isolating data only where it is needed. Treat sensitive information as toxic and clean it up where you can. If you don’t have an embarrassing email in your archives, it can’t get leaked if your account is hacked.
Account inventory. I also recommend creating a list of your most important online accounts, such as your primary email, bank and retirement accounts. This helps you prioritize what accounts you will need to review when some data loss is suspected. This is similar to having a list or copy of credit cards and personal identification when you go on vacation. If your wallet is lost, that list helps you to replace your missing information more quickly.
While preventative controls like anti-virus software and firewalls are critical, it has become just as important to consider what you would do if your data is breached. Taking these steps will minimize the impact of a data breach and help you sleep better at night.
Vincent Hoang is an enterprise architect at Hawaiian Telcom, a Certified Information Systems Security Professional (CISSP), GSNA Systems and Network Auditor (GSNA) and Cisco Certified Network Professional (CCNP). Reach him at vincent.hoang@hawaiiantel.com.