Preventing data breaches and leakage: Important steps for website owners

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.examiner.com/article/preventing-data-breaches-and-leakage-important-steps-for-website-owners

These days, it seems as though we're beginning to hear an increased number
of news stories related to major companies going through a data breach or
significant data loss. Every other day, large companies are having to make
the announcement that their customers' or users' personal data has been
compromised as a result of hackers. In every scenario, however, the
ultimate responsibility for the breach falls on the website owner.

What Constitutes Data Loss/Leakage? Data loss or leakage refers to any
situation where a website's confidential data has been compromised. No form
of data loss or data breach is ever good for a website owner or company.
However, one of the worst situations to be in is that of a data breach of
customer information, as this can severely tarnish the reputation of any
brand.

Risks Associated with Data Breaches: In addition to hurting a company's
reputation, a data breach can have a number of other negative impacts on
website owners and their companies as a whole. For instance, when
intellectual property is compromised as a result of a data breach,
businesses can lose important information that gave them the edge on their
competitors. When personal information of employees is leaked, this can
also have a negative impact on employee satisfaction in the workplace (and
could even lead to lawsuits). The same can be said of customer data
breaches.

Steps to Prevent Data Breaches: Fortunately, there are some relatively
simple steps that all website owners can take to prevent data leakage. For
example, having a reliable web application firewall is a key initial step
to protecting websites from hackers in the first place. Using web
application firewall technology, hackers' intentions can be noticed and
blocked before any damage is done. In addition to using an application
firewall, website owners are also encouraged to have (and enforce) a strict
encryption policy. This way, in the event that the site is hacked, all the
important data will be encrypted and therefore unusable to the hackers.

Website owners worried about the possibility of a data breach are also
encouraged to have regular security assessments performed on their sites.
Some web application firewalls programs these days will already conduct
security assessments, but either way, this is an important step in
recognizing potential security vulnerabilities and getting them taken care
of before a problem arises.

Finally, keeping backups of all important information (such as website
coding) is a must; this way, even if the data is compromised, it won't be
completely lost. Of course, this doesn't necessarily help a whole lot in
the event of a customer data breach, but it's still worth taking the time
to do.

There's no denying the risks associated with data leakage or a breach of
data on any website. From employee information to customer data, no website
owner ever wants to find themselves in a situation where they need to
announce that any important data has been compromised as a result of poor
security.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.