Righting wrongs: preventing data breaches before they happen

Author: Kieran O’Shaughnessy, Managing Director, Accellion, Asia Pacific

Data breaches have hit the news recently for all the wrong reasons. A major grocery chain has recently suffered a major data leak, the latest in a long line of businesses that have been forced into damage control mode after widespread dissemination of information that should never have entered the public domain.

Indeed, last year one of the world’s major entertainment businesses was almost brought to its knees after rogue operators were able to access its emails through its network and then widely publish this information. This incident alone highlighted the need for businesses to safeguard internal information at all times.

These incidents shine a light on the requirement for businesses to have proper systems in place to protect sensitive commercial information. Enterprise organisations that do this substantially reduce the risk that confidential customer information will end up in the hands of those who should never have access to it.

Here are four steps every business should take to ensure their important information remains secure.

1.Enable sophisticated email functionality

Pressing ‘send’ before you’re ready to distribute an email or ‘reply all’ when you only wanted to send a response to one person is the stuff of nightmares. Unfortunately, similar incidents have happened to most of us, which is why it’s essential for businesses to put in place protections to reduce the chance these types of scenarios can cause damage to a company.

Happily, there are a number of protocols and processes that can be implemented so that when a staff member is accidently ‘trigger happy’ when sending an email, the damage is contained.

For instance, it’s a very good idea to provide functionality so that staff are equipped to recall or withdraw emails inadvertently sent out. It’s important to train staff to ensure they know how to use this functionality and can use it swiftly. Because when these types of data breaches happen, time is of the essence.

While it’s not possible to completely eradicate damage caused by sending an incorrect email, it can help to minimise the fallout.

Read more: A World without Identity and Access Governance

2.Distribute Information on a need-to-know basis

Another important concept useful in managing the risk of a data breach is to only give users selective access to files in the system. It’s a fantastic feature when people from inside and outside the business need to work together on documents.

This functionality allows users to upload information and grant access only to a specific folder, without giving access to all information or compromising the entire network. This is a great way to facilitate easy online collaboration, without jeopardising online data security.

3.Restrict user access

A huge risk facing many businesses is unauthorised access to the system by outside parties, while a staff member is logged into an external Wi-Fi network. This is an increasingly common problem, as staff increasingly work remotely sometimes from jurisdictions where hackers are more commonplace.

An important solution to consider implementing is to restrict user access to business content by IP address. It’s a great way to ensure everyone who is working away from the office can still have all the information they need at their fingertips, without worrying that rogue parties will be able to infiltrate the system.

4.Your time is up

Another important protocol to have available for staff is the ability to place time-bound access on certain documents. This type of functionality is valuable when team members are working on documents, such as contracts, that have a time limit.

This reduces the risk that files that are out of date will be accessed, or that external parties will be able to access documents whose details are no longer relevant.

In an era where remote access is increasingly commonplace and at the same time cyber threats are growing, IT security should be a primary concern of every business,

There is a plethora of tools out there to ensure your business information remains secure. The important idea is to explore the range of options available and implement solutions to give your business the best chance of maintaining the integrity of sensitive business information.

Join the CSO newsletter!

Error: Please check your email address.

Tags data breachesemployee protectionwoolworthsAccelliondata centresIT Securitydata leakKieran O’ShaughnessyCSO Australia

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kieran O'Shaughnessy

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place