Recent Blog Posts
Breach Detection Methods The first step is to build your system of breach detection methods. Because hackers and their malware aim to be invisible until they strike, it’ important to have a wide range of detection measures to identify when a breach – or the infection before the breach – occurs. Network Monitoring Network monitoring tracks all behavior across multiple systems ranging from CPU core temperature to network activity. Network monitoring allows you to track when hidden processes are using resources and unauthorized network access. Network monitoring is the channel through which all access data flows, and with expert interpretation, can reveal a breach as it happens. Access and Control Management Access and control management is the new method by which everyone with access is given minimum access. Each employee and customer can only open the files they specifically need. By tightly controlling access, you can then go on full-alert when unauthorized access occurs. Virus Scanning Naturally, your virus scanning software plays a role. Should a program try to download, install, or run with the clear traits of a computer virus, your traditional protective software should alert to the malware presence. Human Suspicion Sometimes, a staff member will bring a suspected hack to light. They may report an unusual computer activity or something unexpected in the data logs. Because humans work with the system every day, they can notice signs of an otherwise well-hidden hack . Make sure to have an available and encouraged channel for staff to send in cybersecurity suspicion reports for everything from phishing emails to unusual keystroke responses. Who Should Be Alerted Who should be told when one of your detection systems alerts on a possible data breach? CIO or CTO Your C-suite chief of information and/or technology in the company is likely high on the list of people who should be notified. They will rally the troops and decide the right course of action for a breach response. Network Administrator Your lead administrator who handles the network and security of your business systems is often the first person flagged by automated breach detection methods. They are also in the best position to take immediate action for damage control and recovery. Cybersecurity Specialist If your team has a cybersecurity specialist, they may be first on the list of people alerted when breach is detected or suspected. IT & Security Agency Many companies have an IT agency that supplies their network and cybersecurity support. If a breach is detected, they are likely already responding or will need to be the first called to take defensive action on behalf of the company. Damage Minimization Measures Make plans to swiftly minimize the damage of a data breach as soon as possible. The goal is to isolate the malware or hacker’s access to your system before eradicating the invasion, closing the breach, and recovering to an uncompromised state. This starts by protecting the rest of your network, endpoints, servers, and cloud assets from exposure. Isolate Infected Systems or Files Identify which files, data systems, or servers are infected and isolate them. With physical systems (and before the cloud) this might mean pulling the network cable so no other systems are infected. Isolation is more complex in modern business information systems, which will require a unique approach based […]
Why Backup Your Data with Office 365 Office 365 offers some great data protection, but it doesn’t actually provide for all personal data storage needs -and does not come close to all business data archiving needs. Why back up your data when working with Office 365? Office 365 Backups Only Last 30 Days The first and most important reason is that Office 365 only backs up data for 30 days, typically, or 90 days in some circumstances. This is a long time for collaboration, but not long at all for backups and archiving. 30 days means that you can’t restore backups or rollback changes made over 30 days ago. It also means that mistakes and accidental deletions that aren’t noticed for over 30 days are lost. There is no restoring data that Office 365 drops after 30 days. This includes version control from recent and old changes and the archives. Working with Hybrid Storage Hybrid storage is when you store some of your project assets in Office 365, and some on local computers or servers. This is very common for business usage where not all your data is used in Office 365 or you work with file types and editing software outside if Microsoft Office. If you are using hybrid storage, anything stored locally should also be backed up locally. After all, Office 365 can’t create cloud backups if your files aren’t within its duplicated file system. Likewise, if you set up One Drive to back up a specific local folder, this can get tricky. Changes to the cloud folder and the local folder will need to sync, including deletions, which can result in lost data. In general, if you are working with a hybrid workflow with files inside and outside cloud syncing, then backing up everything is the best way to avoid data aberrations between the two file storage systems. Compliance Archiving Office 365’s backup system also does not prepare you for compliance archiving. Many regulations require a business to keep certain documents archived for potential audits in the future. This includes things like payroll and certain employee records. Having these documents available and properly stored is essential, should they ever be needed. Every now and then, an audit will mean pulling out all of your archives for review. With Office 365 alone, there’s no guarantee that all those historical backups will still be available. Fortunately, there are other ways. Landmark Version Control You may also want to be able to roll back your projects to specific landmark points – before certain decisions and changes were made to the design and stages along the way. This is not doable with Office 365 temporary backups, but can easily be done by taking your own backups at landmark points in each project. How to Backup Your Data Alongside Office 365 How can and should you handle data backups while working with Office 365? Microsoft 365 Cloud Drive Backups The best solution is to pair your cloud-based Office software with Microsoft’s cloud storage solution. Microsoft 365 is inheriting the system from Office 365 and also offers specialized Microsoft Cloud storage. From Microsoft 365 Backup, you can choose the amount of cloud storage you need and rely on Microsoft to keep the backups in your separate cloud storage readily available for […]
Restrict Access Based on Authorization and Location The first step to safe sensitive data handling in the workplace is to restrict access. It’s probably true that only a handful of specific employees need direct access to a company’s stored sensitive data. Likewise, only a few processes and programs run on company computer systems might have a legitimate reason to directly access sensitive data. In many circumstances, there’s no need for sensitive data to ever be accessed or transported outside a physical space. So close all other points of access. Only give employee authorization to those who need access. Limit access only to specific monitored workstations inside the office. Or only permit a specific program with decryption codes to access the data under any circumstances. Create a List of Approved Uses for Sensitive Day What is sensitive data being used for in your company? For example, you would use a customer’s financial data to bill them and possibly to build analysis models for trend-spotting. You might use a customer’s home address to geo-target advertisements, or you might use a customer’s IP address to provide better local online services. But the number of things your company does with sensitive data can be written in a finite list. Determine all the approved uses of sensitive data inside the company and make that your White List. Prevent and ban all other uses of sensitive data and excuses to access it. Prevent Unauthorized Copies of the Information Copying sensitive data is a huge risk. Whether employees make a digital or printed copy or even jot down notes on a scratch pad, this is now sensitive information that could leave the secured and encrypted confines of the company. An employee with a copy of information can lose that copy in public or give it to another person who will misuse the sensitive data. So don’t allow copies unless through an approved data use process. Prevent anyone from copy-pasting text, block digital file copies from being made without authorization, and do not allow printing by default. Trigger Notifications When Sensitive Data is Accessed One of the best ways to prevent accidents is with constant oversight. Create a log for routine and approved sensitive data access. And if any sensitive data is accessed outside of 100% expected conditions, then create a notification for the security admin. This quick heads-up that sensitive data is being accessed might be enough to detect and prevent a major breach. Any time your servers containing sensitive information are accessed without the right authorization, decryption, timing, etc. will create a security incident that will need to be checked out and cleared. This concept is much like when Google alerts you to a new device login. Just in case it’s a hacker in another state. Automate Complete and Audited User Removal A critical element of sensitive data security is data deletion. When a customer deletes their account or asks for data to be destroyed, it must be destroyed completely. This means removing all lingering sensitive, personal, and possibly public information about that account-user from your servers. No identifying information can remain when an account is closed. To do this, build a system of combined automation and auditing. Start with an automated clearing and complete deletion of all known information about […]
The benefits and risks of cloud services Almost every organization with a significant amount of data entrusts some of it to the cloud. On-site systems for data require constant maintenance and upgrading. An unexpected server failure disrupts operations. Increased data requirements force the company to get more hardware. A cloud service handles the maintenance for a predictable monthly cost, and good services have redundant hardware that minimizes downtime. At the same time, cloud usage involves some risks. These considerations apply not only to services that store data, but to file syncing services. Even if data is only on the cloud server temporarily, many of the same considerations apply. Entrusting data to a service, with no fallback, can lead to catastrophic data loss if it ceases to be available. Handing data which someone else owns to a third-party service may violate contracts or legal requirements. There may be restrictions on what country information can be stored in, or the service may require certification. The uncoordinated proliferation of cloud usage by different departments may lead to redundant and inconsistent sets of data. Different cloud services may not hold the same types of information, and they could diverge over time. Besides, having two services to hold the same data is an unnecessary expense and takes more work. External and internal security risks could arise. A carelessly maintained service could be breached. Criminals using phishing and other techniques try to steal passwords. A poor setup of accounts may give access to employees who aren’t supposed to have it. The limitations of free services Free cloud services with good reputations may be a good choice for non-critical situations, However, they aren’t suited for highly sensitive data. They don’t give you a service level agreement (SLA), and they’re geared more toward ease of use than security. They can terminate or change their offerings without any obligation to you. Without an SLA, a service isn’t suitable for situations that require formal guarantees. When a business receives a copy of a partner’s confidential data, it promises to protect its security and integrity. It can hand the data only to a cloud service that makes the same promise. The same applies to information that falls under regulations or standards such as PCI, HIPAA, or GDPR. The terms and conditions of free services usually say, in effect, “You can’t hold us responsible for anything bad.” Sensitive data should be entrusted to a cloud service only if it guarantees adequate protection in writing. Written, enforceable guarantees come only with paid services. Drawing up a cloud policy These are some provisions that you may want to include when creating a policy for cloud usage. Have a lawyer review your policy before putting it into effect. Cloud usage must comply with all applicable laws and regulations. When in doubt, employees should seek confirmation that there are no legal problems. The choice of vendors must follow any company-specific restrictions. The company might have a list of approved vendors or require that data be stored only in its home country. It may require specific contractual language. The handling of data belonging to others must follow the conditions set by the owner. Data from a business partner may come with handling requirements that limit or exclude the use of cloud services. Information sets must be […]
What are the signs of a breach? The first indications that your network’s security is compromised may come in several different ways. These are the most common: Unusual network activity. If you have network monitoring in place, it will alert you if there’s a sudden change in the quantity or kind of data transfers. The alert could mean that your data is being sent to an unauthorized system. Changes in accounts. If employees are locked out of their accounts or see unexplained changes in their account status, it’s often a sign of trouble. If the account in question has administrative powers, that’s especially concerning and needs to be investigated immediately. Suddenly slower performance. An abrupt drop in performance could indicate unauthorized access, malware, and data transfers to an outside system. Anomalies in system logs. Log analysis tools will let you know if suspicious activity, such as logins from unexpected places, has been happening. Data integrity problems. Application error messages may tell you something is wrong with your data. Whether it’s a breach or some other kind of system issue, it needs investigation. Notifications from outside. You may get a message from law enforcement, from customers, or even from the perpetrators telling you your data has been compromised. How to be prepared It’s easier to deal with these signs if your people know their responsibilities and have a plan of action. Many small businesses find the best approach is to outsource data protection to a managed system provider or managed security provider. It’s difficult for a small company to justify a full-time security specialist, and giving the job to an experienced outside team is often more cost-effective. Either way, the important thing is to have someone who’s familiar with the network and knows how to deal with security issues. The people with this task should know the network architecture and the software that runs on it. If something looks wrong, they’ll investigate it quickly and decide whether it represents a danger to the business’s data. They’ll know what steps to take and whom to notify. Your business needs a breach response plan. It will specify who needs to be notified and what steps have to be taken. This means less panic and a more coordinated response. How to act on a suspected breach Whether you’ve laid out a plan in advance or not, you need to take a step-by-step approach when something looks wrong. Identify and analyze the signs of trouble. Do they indicate a significant chance of a breach, or is some other explanation more likely? Sometimes a slow system is just an overloaded system. But a breach that isn’t stopped will be expensive, so be sure there isn’t one before closing the investigation. Document and report the signs of the problem. If the breach looks real, the security team needs to let management know what’s happening and what they plan to do. They won’t have all the answers at this point, and their report should say that more details will follow. Take immediate damage control measures. There should be some quick ways to limit the damage. Dubious IP addresses can be blocked. Infected machines can be quarantined from the network. Nonessential accounts can be disabled. Identify the kind and extent of the compromised data. Subsequent actions will depend […]
