To protect your databases, you need to plan ahead because in a large measure, “failing to plan is planning to fail” and such failure could cost an organization time, money, productivity and reputation.

Above the obvious advice that every employee should be allowed access to information on a need to know basis, namely through role-based controls, monitoring all systems (including the mobile devices) for data leaks help a great deal.

Here are a few things serious IT professionals can do to protect their businesses against all flavors of potentially damaging data breaches:

• Directly monitor financial databases to keep on top of unusual activities;
• Assess and remediate weaknesses to guard against unauthorized access (even with proper authentication);
• Audit user access and use of resources;
• Learn how users are using the databases to detect unauthorized activities;
• Check transaction authenticity (cross-check with the paper trail);
• Sollicit independent reviews to get that all important second opinion;
• Automate as many controls as possible to reduce manual audit errors;
• Make use of encryption to protect the information.

Remember that different types of businesses need to brace for different types of data breaches so keep in mind that what works well for your neighbor might not work as well for you.

In any business, there needs to be a response team which can take decisions when a breach is identified and that can go as far as shutting down all the database systems until the threat is properly dealt with. The general counsel should be part of that “emergency team” and proper training should be given so they understand the importance of dealing swiftly with a threat to prevent aggravated damages.

IT forensics teams can be called in to properly trace the source of an attack that has lead to a data breach. This team can conduct triage which can include heavy activity monitoring and the temporary deactivation of key services, until the threat is properly addressed.

It should also be mandatory for PR to be in on the action because you’d rather hear the bad news, in a controlled manner, from them than, say, the New York Times. Furthermore, in a case where customer data has been breached, they need to be properly presented with the facts.

Once the data breach is remediated, the organization must modify the business practices that allowed for such a breach to happen, in the first place. As always, preparation is key.

Tags: security, data breach, database breach, unauthorized access, user access, it audit, transaction authenticity, manual audits, automated controls, encryption, data protection, unusual activities, data monitoring

All these questions quickly come to mind for information security experts who look to secure data in all ways possible to prevent that it get leaked into the wrong hands.

The internet connects over 1.5 billion people daily, for anything ranging from email or web surfing to complex remote medical interventions — that makes for a tempting target for ill intended individuals looking to get their hands on sensitive data, which is basically why you need to protect yourself better.

What you did to protect your data a year ago probably isn’t as good today because the very nature of threats keeps shifting in sometimes unforseen territories. Regularly assessing the efficiency of your data protection will become even more critical in the future as attackers, ranging from more or less talented hackers, organized crime and even foreign governments will try their best to steal anything of value (for them) that you may have.

Your computer’s hard drive is like a proverbial safe which instantly becomes (way) more vulnerable from the moment you connect to the internet or even a home wireless network.

If you intend to have the upper hand against those determined to steal your data, you need to be one step ahead of them, namely with the following no non-sense strategies:

• Enclaves – Early on, determine what’s the most sensitive data you must protect and give it special treatment because that’s probably what the data thieves will be looking for.
• Border firewalls – Network-layer firewalls work best when combined with application-layer counterparts so be creative in protecting your “borders”.
• Strong authentication – Require strong passwords (on everything) which must be changed regularly and for more serious security needs, consider using token-based systems (physical USB key-like devices with ever changing “tokens” to access the data).
• Configuration and patch management – Make sure your (1) equipment, (2) software and (3) human resources are always “well maintained”… and up-to-date!
• Host-based firewalls – Server and workstation intrusion, virus and malware protection is still essential to weed out the unwanted stuff that somehow finds a way in (in spite of all the other protections).
• Data encryption – Make sure to especially encrypt data on mobile devices since they’re the ones likely to be lost (or stolen) when in transit — encrypt all you can.
• Awareness and training – An aggressive cybersecurity program will go a long way in efficiently protecting yourself against newer threats.

While some treat data security entirely as a hit-and-miss process, experience shows that luck favors the prepared, when it comes to cybersecurity.

Forget the antiquated (but still active, alas) Nigerian bank scam threat pouring in email boxes all over the world, the newer threats tend to be socially engineered so ensuing phishing attacks are savvily aimed at the intellectual interest of the end user, making them that much harder to debunk. In other words, attacks are getting uncomfortably personal.

As you attempt, most probably armed with gear, software and knowledge, to fend off the attackers’ attempting to break open the gates to your digital kingdom, keep in mind that people are the weak link in any network security effort.

Interestingly, there’s a corollary to the “people are the problem” saying and it has to with the widely recognized fact that people are also the most effective “tool” to fight attackers.

Although you may never be perfectly secure, make an effort to prevent data thieves from succeeding in their highly illegal —and overwhelmingly stealth— attempts to steal from you.

Tags: security, cybersecurity, it, firewall, border, encryption, data theft, hard drives