With the uptick in brand name companies experiencing a data breach, it’s no longer a question of if, but when will your company be victim to a security breach. Hackers are savvier now, more than ever before and preparing for potential breaches is something companies of all sizes must be prepared for. According to Verizon’s PCI Compliance Report, today, more businesses are at risk of data breaches, making this year pivotal for merchants and service providers looking to comply with PCI compliance standards.
The financial impact, particularly, to a business that experiences a data breach can be significant as it directly affects consumer confidence. Yet, the effects of a data breach goes beyond the financial and includes the reputation, confident and overall trustworthiness of the company as a whole. All organizations should look to address these and ensuring your infrastructure is secure and compliant is at the heart of maintaining all of the aforementioned remains intact. The good news? There are a handful of steps businesses can take to prepare for the inevitable data breach and will limit the damage caused before it impacts the business on a much larger scale.
The first step in preparing for a data breach is to establish a level of control over access with a tight “Least Privileged Access” model to quickly gain an understanding of where your business is today in terms of access rights and assets to get a solid understanding of what needs to change. Restrict administrators and consider adding controls that allow true administrator/root level access using a “fire call” account. Have a complete audit record of all changes to ensure that auditing is dynamic and any ‘access holes’ are sealed automatically. Additionally, establish an understanding across the business that security and compliance are two sides of one coin and are required at all times. Gain an understanding on internal policy and regulatory control. If you staff doesn’t understand what assets need protection and why, your business will never be fully compliant and secure. Finally, it is critical to create a clear and simple plan, if and when a data breach occurs, so your team is capable of handling the situation and dealing with communicating and gathering the data to understand what happened and lock things down as quickly as possible. Only with a process, can you avoid confusion and accusations in order to achieve a response that’s appropriate and effective.
Preparation for a data breach does not only include planning processes, but also implementing proper policies and procedures for compliance. Once the damage is done, it’s harder to regain a position of compliance. Compliance must not simply be a certification, but a continual, daily process, where IT has complete control over who has access to what data at all times.
Organizations must remain diligent and ready to act quickly in the event of a data breach. Moving forward, it’s important to plan ahead, review current policies, communicate those policies to those within the organization, and, most importantly, review the information daily.
Tim Sedlack, Senior Product Manager, Dell Software
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.