Cyber Security Solutions: Data Spillage and How to Create an After-Incident “To Do” List

Cyber Security Solutions: Data Spillage and How to Create an After-Incident “To Do” List

President Obama and China’s President Xi Jinping “understanding” about cyber theft in their recent meeting stirs up worries about company data being compromised. Unfortunately, there’s nothing you can do if a determined hacker, Chinese or otherwise, targets your computers. But a more worrying prospect is data spill because it is so common and easy for your employees to engage in.

Introducing “Data Spill”

The term “data spill,” according to the National Security Agency, refers to the “transfer of classified or sensitive information to unaccredited or unauthorized systems, individuals, applications, or media.” Such transfers normally happen not out of malice and criminal action but due to “improper handling of compartments, release-ability controls, privacy data, or proprietary information.” Important information “spills” from a “higher level classification” such as the encrypted financial records of a customer database to a lower classification, such as the email displayed on a smart phone in a coffee house.

Data spills are becoming more common because the “trend towards increased information sharing has weakened access controls, giving users without a need-to-know access to large volumes of sensitive or classified data.” The risk is high because of “inadequate end user security awareness, unmanageable networks, and poorly implemented data policies.” Malware and other intentional unauthorized access do not help the situation.

The NSA recommends several methods for securing your data and preventing data spills. Enterprise-wide cyber security solutions are essential to “control and contain” spills and offers the ability to access the violation, as well as manage the issue.

Cyber Security Solutions should be:  PROACTIVE > PREDICTIVE > PREVENTATIVE

Create and Enforce Data Protection Standards

Organizations must develop policies and procedures for accessing your data with any device, including desktops, laptops, tablets, and mobile devices. You must also consider access points that are not normally part of your IT, such as conversations with colleagues, phone calls, printouts, and hand-written notes.

Strategies can include network hardening, which manages user privileges, purges unwanted user accounts, closes unused ports, and enforces password standards. Another option is application whitelisting, which only allows authorized software to run on your devices. This prevents potentially dangerous scripts from running and minimizes the threat of malware.

However, what’s often left unaware at the employee level are the various degrees of review done at the board level. When the board is able to provide key executives and management a listing of the variety of cyber compliance and/ or cyber security requirements, the organization can then take a proactive approach, rather than reactive approach.  Developing a cyber governance approach towards cyber security solutions will help obtain greater levels of compliance and regulation, ensuring your organization’s protocol is exceeding your cyber management expectations.

Implement Data Loss Prevention

DLP is an approach that covers people, processes, hardware, and software. It develops critical controls for finding, monitoring, and protecting confidential data when it is used, stored, or transferred through or outside your network. DLP can be implemented on the network, host hardware, or through discovery, which looks for sensitive information on hardware, in applications, or through web content.

Create an After-Incident “To Do” List

If you haven’t encountered data spill, it’s just a matter of time, so it’s important to create a written policy on how to handle it, brief your employees on what to do, and acquire any necessary resources, such as enterprise-wide software tools with a complex integration platform, to handle it.

In general, your list should consist of the following:

1.       Determine if a data spill did actually happen. Don’t make a big secret of the incident just to save your company some embarrassment. Instead, inform the parties involved, such as your customers and vendors, so they can implement their own procedures for security breaches.

2.       Isolate and contain the breach to secure your systems and preserve evidence that may be needed by law enforcement or damage control. A simple breach may be easy to contain, such as shredding a printout of customer Social Security numbers that was left in the lobby. A more extensive one, such as posting those same numbers on your public website, require more complex procedures, such as informing affected customers, your Internet Service Provider, and news outlets.

3.       Report the incident to (local) law enforcement, if you believe that the incident was deliberate or a violation of criminal law was involved. They may launch their own investigations and decide whether to inform higher-level security agencies, such as the FBI.

4.       Execute sanitation and recovery procedures, which permanently remove spilled data from contaminated hardware, applications, and media. Restore any missing or damaged data from backups. Implement newer protocols, such as updating security software, to prevent similar incidents from happening in the future.

QUESTION:  Has your organization experienced a data spill?  How did your organization handle it?  What were there losses associated with the data spill – revenue, intellectual property, etc.?  COMMENT BELOW.

To discuss cyber security solutions for your business and to help your board develop a Proactive – Predictive – and Preventative approach to cyber governance, contact Pathlock to discuss your organization’s current cyber approach and learn more about our easy-to-implement and easy-to-use dashboard cyber security solutions.