The question “How to prevent data breaches?” is similar to “How do you prevent car break-ins?” Cars are still very easy to break into; their windows are not made of steel. However, you can make the hassle and risk of breaking into the car outweigh the thief's desire to get inside: keep money and valuables out of view, lock the doors, and roll the windows up.
The same concept applies to data breaches. Two primary measures lower the chances of a data breach. First, minimize the attack surface: fewer attackers means fewer chances that one gets in. Second, make what is accessible more hassle than it is worth. If things are locked up tight, attackers are more likely to move on to easier hunting grounds.
Here are a few suggestions on how to achieve these goals:
- Have a written, clear plan of action for a data breach situation. This allows everyone to react quickly and confidently.
- Make regular backups using the 3-2-1 rule: at least 3 copies, on 2 different media, with one of those copies stored off-site. This protects against disaster and data ransom as well as data corruption. Back up often to minimize how much data is lost.
- The cost is storage space: the more often you back up, the more data you have, and the more storage space & media you need.
- Have strict controls placed on access to information.
- Keep unauthorized people out of your networks. Segregate guest & vendor access from your network completely. The same thing goes for physical access to your systems.
- The more sensitive the data, the more layers of security that should be added. Banks do not just have a vault. There are guards, cameras, and alarms too.
- Do not hand out information over the phone without a secondary method to verify the caller's identity. Support portals can be helpful for this.
- Use monitoring and metrics in your environment. They let you spot issues & trends quickly, and they help when diagnosing performance issues.
- Use SSL on all of your sites, public and private. Use it for everything. The certificate cost is easily justified versus what can happen to your reputation and bottom line without one.
- Provide VPN connectivity for linking remote sites and remote employees to the main office. This protects your data in transit.
- Keep all of your software and OS relatively up-to-date. Create a regular update schedule and try to stick to it.
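The 3-2-1 rule above is easy to state and easy to drift away from as datasets and backup jobs accumulate. Below is an added example (not code from the original post) that audits a backup inventory against the rule: at least 3 copies, on at least 2 different media, with at least 1 copy off-site. It also flags a dataset whose newest copy is older than a chosen recovery-point limit, which operationalises the "back up often" advice. The inventory format, the field names, the site names and the one-day limit are all assumptions constructed for the illustration.

```python
"""Audit a backup inventory against the 3-2-1 rule plus a freshness limit.

Added example, not part of the original post. The record layout, site
names, media names and the recovery-point limit below are constructed
for illustration and are not a real environment's data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List


@dataclass(frozen=True)
class BackupCopy:
    """One stored copy of a dataset (assumed record layout)."""
    dataset: str
    media: str         # e.g. "disk", "tape", "object-storage"
    location: str      # site identifier where this copy lives
    taken_at: datetime # when the copy was made (timezone-aware)


def check_3_2_1(copies: List[BackupCopy], primary_site: str,
                max_age: timedelta, now: datetime) -> List[str]:
    """Return the list of policy violations for one dataset.

    An empty list means the dataset is compliant. The three rule checks
    follow the page's definition; the freshness check (newest copy no
    older than max_age) is an added assumption.
    """
    problems: List[str] = []
    if not copies:
        return ["no copies at all"]

    # 3: at least three copies of the data.
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies (need 3)")

    # 2: at least two distinct media types, so one media failure mode
    # (a bad tape batch, a disk firmware bug) cannot take out every copy.
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"only {len(media)} media type(s) (need 2)")

    # 1: at least one copy stored somewhere other than the primary site.
    if not any(c.location != primary_site for c in copies):
        problems.append("no off-site copy")

    # Freshness: how much data would be lost if the primary died now.
    newest = max(c.taken_at for c in copies)
    age = now - newest
    if age > max_age:
        problems.append(f"newest copy is {age} old (limit {max_age})")

    return problems


def audit(inventory: List[BackupCopy], primary_site: str,
          max_age: timedelta, now: datetime) -> Dict[str, List[str]]:
    """Group the inventory by dataset and check each group."""
    by_dataset: Dict[str, List[BackupCopy]] = {}
    for copy in inventory:
        by_dataset.setdefault(copy.dataset, []).append(copy)
    return {name: check_3_2_1(copies, primary_site, max_age, now)
            for name, copies in by_dataset.items()}


# Constructed sample data: a fixed "now" keeps the example reproducible.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
PRIMARY_SITE = "hq"
MAX_AGE = timedelta(days=1)
SAMPLE_INVENTORY = [
    # Compliant: 3 copies, disk + tape + object storage, one in the cloud.
    BackupCopy("customer-db", "disk", "hq", NOW - timedelta(hours=2)),
    BackupCopy("customer-db", "tape", "hq", NOW - timedelta(hours=6)),
    BackupCopy("customer-db", "object-storage", "cloud-eu-1", NOW - timedelta(hours=2)),
    # Fails all three rule checks: two disk copies, both at the primary site.
    BackupCopy("web-assets", "disk", "hq", NOW - timedelta(hours=1)),
    BackupCopy("web-assets", "disk", "hq", NOW - timedelta(days=1)),
    # Passes 3-2-1 but the newest copy is ten days old.
    BackupCopy("mail-archive", "disk", "hq", NOW - timedelta(days=10)),
    BackupCopy("mail-archive", "tape", "vault-offsite", NOW - timedelta(days=12)),
    BackupCopy("mail-archive", "object-storage", "cloud-eu-1", NOW - timedelta(days=10)),
]


if __name__ == "__main__":
    for dataset, problems in audit(SAMPLE_INVENTORY, PRIMARY_SITE, MAX_AGE, NOW).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{dataset}: {status}")
```

Run as a script it prints one line per dataset; in practice the inventory would be fed from the backup software's catalogue or job logs, and a non-empty result for any dataset is the signal to fix the job before it is needed for a restore.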
There is no such thing as 100% guaranteed protection when it comes to data breaches. You can take reasonable precautions to greatly lower the risk of this happening in the first place, as well as limiting the impact if it should happen. Talk to your hosting provider about how you can start preparing your environment.