To prevent a data leak:
- Make sure your business complies with all applicable data privacy and security regulations such as GDPR, ISO 27001, or HIPAA if you’re in the healthcare business – GDPR ensures that the privacy of European citizens is respected, while ISO 27001 is an international standard that enables organizations to continuously manage the security of their assets. HIPAA, on the other hand, is a federal law mostly talked about in the US that requires organizations to adequately protect sensitive patient health information from being disclosed without the consent of the patient.
- Identify and properly guard all sensitive data with a Web Application Firewall, an Intrusion Detection System, an Intrusion Prevention System, or similar appliances.
- Put in the effort to secure endpoints that communicate with servers, computers, databases, and mobile devices.
- Implement a Data Loss Protection (DLP) plan – such a plan should be centered around preventing data leaks in the first place. Such plans usually identify data that’s necessary to safeguard, then identifying and applying adequate security measures (think securing data at rest, securing data in use, and monitoring the web for data leaks with keywords focused towards your company.) Such a plan ensures that even if the infrastructure of the company you work at does get breached, you will be the first to know where it appears.
- Evaluate the permissions centered around both the software in use and databases, and, if necessary, change them to strengthen them.
- Monitor the security posture of all of the vendors of the software solutions that are in use – it’s not necessary to constantly keep an eye on the software vulnerabilities found in these solutions – that’s the job of security engineers – but if you can perform some research on the security scoring of the company that makes the software work, that’s a step in the right direction.
- Finally, make good use of data breach search engines – most search engines will not only let you know you’re exposed in a data breach, but also provide you access to an API solution which will let you implement the API offering into the infrastructure of your company, scan through data breaches at your pace, and ensure that your company does not fall victim to the threat of data breaches.
While the steps mentioned above won’t ensure that the company you work at won’t ever suffer from a data breach, they will significantly lessen the chances of a data leak. Applying even some of these steps will improve the security stance of any company immensely, so make good use of these tips, and until next time.