7 Tips To Mitigate Data Breaches

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.efytimes.com/e1/fullnews.asp?edid=163116

Data breaches have grown a lot in last few years. Data breaches can be
controlled and prevented. The awareness for preventing data breaches has
grown too. Organisations are following several practices to control data
breaches. Today we have listed seven tips to mitigate data breaches.

1. Prioritise Data Protection:

Some level of prioritisation of data protection practices can be very
effective. You can safeguard most important assets by prioritising data.
Many security practices have become very general and they are rapidly
spreading. Organizations spend lot of time in trying to protect everything,
which is not possible in every case. Hence, It is way more effective to
protect what’s vital and accept the fact that rest of the data can be
compromised.

2. Document Your Response Process:

There is a high demand for documenting the process of protection. This can
help in following the set security measures. Stress level rises during
security attacks. You get pulled in many directions, in such case, if you
have documented process, you can avoid omission of key actions. The
checklists can be of great help.

3. Make Users Part of The Process:

The most forgotten aspect of incident response is to inform end-users. If
some organisation’s data of user credentials gets stolen, it can impact
end-users in greater way. It is IT team’s responsibility to inform the
affected users so that they can change their passwords. It is important to
make users part of the process.

4. Understand Business Context:

Developers are required to take systems and applications offline for
analysis. If developers are investigating a system for potential
compromise, it is important to know what credential data is stolen. This is
important to consider the business impact of the data breach. Organizations
can easily leverage data loss prevention tools to map out important data
flow.

5. Be Thorough:

It is easy to find apparent source of malware in an attack. Developers can
track attacker and find the source of malware and even eradicate it.
However, you might miss some traces of it on your system. Developers should
follow every piece of the evidence until they are sure that they have
uncovered all of the attackers.

6. Proactively Collect Data:

It is always a good practice to collect all the required data in advance.
Developers should record correct logs for properly configured security
system or packet traces from relevant network locations.

7. Go with the Flow:

Packet analysis provides great visibility in network traffic. Number of
packet capture required to cover potential targets and locations make it
cumbersome and costly for packet analysis. Flow technologies like Netflow
help in delivering performance metrics. Flow technologies provide up to 90
per cent visibility from packet analysis.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!