The protection of personal data has never been more important for organizations, but many still lag behind with securing that data. With compliance regulations such as HIPAA, PCI and GDPR top of mind for many, are organizations ensuring that personal data is protected at the organizational level? For companies both large and small, we've outlined four steps organizations can take to begin assessing personal data.
1. Define Protection of Personal Data
In May 2016, we discussed why real-time security detection matters in 6 Warning Signs of a Data Breach in Progress. That article notes the places within an organization's network that should raise a red flag for a business. The six signs of a data breach in progress include:
- Critical File Changes
- Obvious Device Tampering
- Locked User Accounts
- Unusually Slow Internet or Devices
- Abnormal Admin User Activity
- Unusual Outbound Traffic
As noted by Luke Irwin, US companies take an average of 206 days to detect a data breach, and the cost associated with this time frame is close to $6 million.
As the General Data Protection Regulation (GDPR) deadline looms, US companies are now forced to acknowledge that GDPR compliance is happening, and, as noted by the NY Times, how the bigger companies handle the GDPR may dictate or influence the future practices of smaller and medium-sized organizations. This also leads to speculation as to whether there will be an influx of companies "coming clean" prior to May 2018, as the Uber cover-up in 2017 made vast headlines.
2. Identify Data Compliance Standards Needed
Data breaches are a large concern for organizations, and data protection is top of mind for many. There is no one-size-fits-all set of data compliance standards; each regulation carries its own requirements. However, as previously discussed with PCI DSS compliance, there are areas of concern that should be monitored, as they can introduce a significant risk of a data breach. Though the areas below are specific to PCI compliance, many are applicable to other regulatory frameworks.
- Testing Security Systems
- Maintaining Security Standards
- Policy Creation
- Tracking and Monitoring Network Access
- Practice Access Governance
3. Identify Network Vulnerabilities
With the latest Ponemon survey reporting that 67% believe their companies are more likely to fall victim to a data breach or attack in 2018, something has to give. Simple mistakes can undoubtedly cause large errors.
Application Security and passwords
Recognizing the potential for exploits in applications and implementing comprehensive security testing can help. Organizations may want to ensure that DevOps practices for internal application security are not only implemented but also followed. Passwords, passwords, passwords. This is an instance where "recycling" is neither recommended nor good for an office environment.
Identity management tools can be used for account access, and policy-based administration that enforces password requirements can solve an organization's password dilemma.
Data Backup and Tracking
Do you have a good backup? Restoring files to their original state is not something organizations should have to wonder about. An IT team should not only have the ability to restore files and systems but should regularly test that practice. For tracking purposes, audit logs are required by PCI, SOX, and other compliance regulations. Tampering with logs undermines the integrity of a company's data and increases the risk of a breach. Financial implications can arise when security practices are not in place. Many organizations have begun to implement change control as part of their security policy.
Excessive Access and Workstation Security
This section should really be entitled excessive access, security, and people. With the "lack of competent in-house staff" reported by 70 percent as the top threat CISOs worry about most in 2018, organizations may need to focus more on people, and not only on the endpoints those people touch, but on the data endpoints as well.
Recent findings from LastPass and Ovum research reveal that close to 80 percent of IT executives based in the Asia-Pacific region do not have the ability to control access to cloud-based apps used by employees.
Additionally, if workstations are not configured to lock after inactivity, or if access is not blocked after repeated incorrect password attempts, sensitive data and personally identifiable information (PII) can be obtained by third parties. Stopping a security breach at the workstation can be achieved with the right software.
4. Identify Software Solutions for Data Protection
With 1 million new malware variants created every day, being unwilling to properly budget for the best options in enterprise security software is no longer acceptable. Richard Henderson recently commented that "we are entering a new period of regulatory enforcement of cybersecurity-related issues".
Looking at infosec objectives and how they relate to the GDPR, PCI DSS, HIPAA, NERC, FISMA, and GLBA regulations, and being able to identify security threats with file integrity monitoring (FIM) software, will enable organizations to better secure their enterprise.
File integrity monitoring not only protects data and critical systems, but it also:
- Detects changes to applications, files, routers, servers, databases, and other network devices within the IT infrastructure
- Captures complete details of each change
- Helps identify if the change is a security risk or not
- Remediates changes back to the original baseline when change attempts are made
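To make the four FIM capabilities above concrete, here is an added example (not code from the original article or from any FIM product) of a minimal file-integrity monitor in Python: it baselines a directory by hashing each file and recording its size and permission bits, keeps a trusted copy, reports every added, deleted or modified file with before/after details and a simple risk tag, and restores the tree to the baseline. The sample directory, file names and contents in demo() are constructed for illustration; the risk rule (flag permission changes on known files) is an assumption, not a standard.

```python
import hashlib, os, shutil, stat, tempfile
from pathlib import Path

def fingerprint(path):
    """Content hash plus size and permission bits for one file."""
    st = os.stat(path)
    return {"sha256": hashlib.sha256(Path(path).read_bytes()).hexdigest(),
            "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def scan(root):
    """Fingerprint every file under root, keyed by path relative to root."""
    return {os.path.relpath(os.path.join(d, n), root): fingerprint(os.path.join(d, n))
            for d, _, files in os.walk(root) for n in files}

def build_baseline(root, snapshot):
    """Record the baseline and keep a trusted copy of the tree for later restore."""
    shutil.copytree(root, snapshot, dirs_exist_ok=True)
    return scan(root)

def detect(root, baseline):
    """Report each added, deleted or modified file with before/after details and a risk tag."""
    current, changes = scan(root), {}
    for rel in sorted(set(baseline) | set(current)):
        before, after = baseline.get(rel), current.get(rel)
        if before != after:
            kind = "deleted" if after is None else "added" if before is None else "modified"
            # Assumed rule: a permission change on a known file gets priority review.
            risk = "high" if kind == "modified" and before["mode"] != after["mode"] else "review"
            changes[rel] = {"kind": kind, "risk": risk, "before": before, "after": after}
    return changes

def remediate(root, snapshot, changes):
    """Restore modified/deleted files from the trusted copy, remove added ones; return what still differs."""
    for rel, c in changes.items():
        if c["kind"] == "added":
            os.remove(os.path.join(root, rel))
        else:
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(os.path.join(snapshot, rel), os.path.join(root, rel))
    return detect(root, scan(snapshot))

def demo():
    """Constructed sample tree (not real data): baseline it, tamper with it, then detect and remediate."""
    root, snap = tempfile.mkdtemp(), tempfile.mkdtemp()
    Path(root, "etc").mkdir()
    Path(root, "etc", "app.conf").write_bytes(b"debug=false\n")
    Path(root, "run.sh").write_bytes(b"#!/bin/sh\necho ok\n")
    baseline = build_baseline(root, snap)
    Path(root, "etc", "app.conf").write_bytes(b"debug=true\n")   # tampered content
    os.chmod(os.path.join(root, "run.sh"), 0o777)               # loosened permissions
    Path(root, "dropped.txt").write_bytes(b"x\n")                 # unexpected new file
    changes = detect(root, baseline)
    return changes, remediate(root, snap, changes)
```

demo() returns the change report (one entry per file with kind, risk, before and after fingerprints) and an empty dict once remediation has restored the baseline; in practice the snapshot copy would live on write-protected storage and the report would feed change control rather than auto-restoring.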
As organizations need to control and monitor what changes occur, knowing what software can help with that task is just as much of a need. Learn more about FIM with our Definitive Guide to File Integrity Monitoring today.
February 6, 2018