Carrying out regular data security risk assessments is vital to identifying your current security gaps and deciding which remediations will actually reduce the chance of a breach. Many compliance regulations also mandate periodic risk assessments as part of a comprehensive security strategy.
What is a Data Security Risk Assessment?
A data security risk assessment can be broken down into three fundamental steps. First, identify the risks to your sensitive data and the security settings that protect it. Second, classify and prioritize your data by the level of risk associated with it. Third, take action to remediate the risks you found, starting with the highest-impact ones. If you want a more comprehensive overview of what a data security risk assessment is and how to be successful, read our blog. So, where do you start?
There are a number of key indicators that you can look for to determine your current risk levels. Some of them will be easier to measure than others. To ensure a successful data risk assessment, we advise that you include all of the key indicators below in your analysis as a minimum (although there are many others).
The Lepide Data Security Risk Assessment Checklist
Our checklist can be broken down into three key stages: governing access to data, analyzing user behavior, and auditing security states.
Governing Access to Data
This stage of your data security risk assessment should deal with user permissions to sensitive data. The first step will be to determine where your sensitive data is located, what it is, and who has access to it. Once you know this, you should be able to determine the following:
- Users with Admin Privileges: These users need to be monitored closely, as they effectively hold the keys to your kingdom and have free rein over sensitive data. They are both your highest-impact insider threats and the accounts an attacker most wants to compromise. Reduce the number of users with admin privileges as far as possible, and remember that membership can be inherited through nested groups, so count members recursively rather than reading a group's direct member list.
- Permission Changes: Visibility over when permissions change is key to maintaining a policy of least privilege and to ensuring that you are not creating over-privileged users. A permission change that nobody requested is one of the earliest signs of an account being misused.
- Changes to Security Groups/Configurations: Any change to security groups, security-relevant configurations, or OUs can lead to over-privileged users, because adding an account to a group silently grants it every permission that group holds. Audit these changes and investigate any that cannot be tied to an approved request.
Analyzing User Behavior
When you have determined who your high-risk users are, you need to analyze their behavior so that you can spot anomalies that may leave you exposed to risk. The key indicators of risk here are:
- Modifications to Data: Whenever sensitive data is copied, moved, modified, renamed, created or deleted, it can affect your data security posture. Proactive auditing is required to ensure that changes being made to data are authorized and fall within that user's normal pattern of behavior. A large number of file modifications in a short period of time, especially many renames or overwrites in a row, can indicate a breach in progress, such as ransomware encrypting a share or data being staged for exfiltration.
- Failed Logons: Failed logons are a key indicator when determining whether you are being attacked. Many attacks, such as brute-force attempts, produce a high number of failed logons against one account over a short space of time. Password spraying does the opposite: a few failures against many accounts, so analyze failures by source as well as by account. Failed logons that look out of the ordinary should be investigated thoroughly.
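The failed-logon analysis described above, as an added example that is not code from the original page or from Lepide. It reads Event ID 4625 from the local Security log (which requires failure auditing for logon events to be enabled and a session that can read that log) and flags two patterns in fixed time buckets: one source hammering one account, and one source touching many distinct accounts. The lookback, bucket size and threshold values are illustrative assumptions to tune for your environment.

```powershell
# Added example (not from the original page): find bursts of failed logons
# (Event ID 4625) in the local Security log, grouped by source address and
# target account. Requires "Audit Logon" failure auditing to be enabled and an
# elevated session that can read the Security log.
# Lookback, window and threshold values are illustrative assumptions.

function Find-FailedLogonBursts {
    [CmdletBinding()]
    param(
        [int]$LookbackHours   = 24,
        [int]$WindowMinutes   = 10,   # bucket size for counting attempts
        [int]$Threshold       = 20,   # failures (or distinct accounts) per bucket worth a look
        [string]$ComputerName = $env:COMPUTERNAME
    )

    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    } -ErrorAction SilentlyContinue

    $bucketTicks = [TimeSpan]::FromMinutes($WindowMinutes).Ticks

    $records = foreach ($e in $events) {
        # Pull named EventData fields from the event XML rather than parsing the
        # message text, which is locale-dependent.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Bucket    = [math]::Floor($e.TimeCreated.Ticks / $bucketTicks)
            Account   = $data['TargetUserName']
            Source    = $data['IpAddress']          # "-" for local/console attempts
            LogonType = $data['LogonType']          # 3 = network, 10 = RDP
            Status    = $data['Status']             # 0xC000006A bad password, 0xC0000064 no such user, 0xC0000234 locked out
        }
    }

    # Brute force: one source, one account, many failures inside a bucket.
    $bruteForce = $records | Group-Object Source, Account, Bucket |
        Where-Object Count -ge $Threshold |
        ForEach-Object {
            [pscustomobject]@{ Pattern = 'brute-force'; Key = $_.Name; Failures = $_.Count; Accounts = 1 }
        }

    # Password spray: one source, few failures each against MANY accounts.
    # A per-account threshold never fires for this, so count distinct accounts.
    $spray = $records | Group-Object Source, Bucket | ForEach-Object {
        $distinct = @($_.Group | Select-Object -ExpandProperty Account -Unique).Count
        if ($distinct -ge $Threshold) {
            [pscustomobject]@{ Pattern = 'password-spray'; Key = $_.Name; Failures = $_.Count; Accounts = $distinct }
        }
    }

    @($bruteForce) + @($spray) | Sort-Object Failures -Descending
}

Find-FailedLogonBursts -LookbackHours 24 | Format-Table -AutoSize
```

Run it on a domain controller to see authentication failures for the whole domain rather than a single member server; each DC only logs the attempts it handled, so for a complete picture query every DC or a central log collector.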
Auditing Security States
The final piece of the puzzle is ensuring that your security states are not leaving your data unnecessarily exposed. There are many things you can watch out for here, a few of the key ones are listed below:
- Inactive/Disabled Users: An account that has not logged on for months but is still enabled is a ready-made foothold for an attacker, because nobody will notice when it starts being used. Disable accounts after a defined period of inactivity, and delete disabled accounts once any retention requirement has passed so they cannot quietly be re-enabled.
- Stale Data: Data that nobody has accessed in a long time still has to be protected, and it is often found on old shares with permissions nobody has reviewed. Every stale file is exposure without business value, so archive or delete it where possible.
- Users with Passwords that Never Expire: If an attacker obtains the credentials of such an account, they potentially keep that access indefinitely. Review every exception, which is usually a service account, and make sure each one has a long, unique secret and is monitored for unusual logons. Note that current guidance (for example NIST SP 800-63B) no longer recommends forcing routine password changes for ordinary users; strong unique passwords, multi-factor authentication and screening against known-breached passwords do more to limit this risk than a short expiry interval.
- Open Shares: Open shares grant access to everyone, or to all authenticated users, which presents an unnecessary risk. Remember that both the share-level permissions and the NTFS permissions on the folder need to be checked, since the more restrictive of the two applies. Remove open shares or restrict them to the groups that actually need access.
- Empty Security Groups: Groups with no members are rarely cleaned up, but they often still appear in ACLs. An attacker who can add an account to such a group inherits every permission the group carries, and because the group is forgotten, nobody is watching it. Remove empty groups wherever possible.
- LDAPS: If Secure LDAP (LDAP over TLS, typically port 636) is not enabled, applications that bind with a username and password send those credentials across the network in the clear. Confirm that every domain controller offers LDAPS with a certificate clients trust, and require LDAP signing and channel binding so that plain-text binds are rejected rather than merely discouraged.
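An added example that collects the "Governing Access to Data" indicators (privileged users) and the "Auditing Security States" indicators above from Active Directory and a file server. This is not code from the original page or from Lepide; it assumes the RSAT ActiveDirectory and SmbShare modules, a domain-joined session with read access to the directory, and that the privileged group names and the 90-day inactivity window suit your environment (both are assumptions to adjust).

```powershell
# Added example (not from the original page): gather the governance and
# security-state indicators from the checklist. Assumes the RSAT ActiveDirectory
# and SmbShare modules and read rights to the domain. The group list and the
# inactivity window are assumptions to adjust.

Import-Module ActiveDirectory

$InactiveDays     = 90
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                    'Administrators', 'Account Operators', 'Backup Operators'

$report = [ordered]@{}

# 1. Who holds the keys: recursive membership of privileged groups, plus any
#    account AdminSDHolder has stamped (adminCount=1 persists after removal).
$report.PrivilegedUsers = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        ForEach-Object { [pscustomobject]@{ Group = $g; User = $_.SamAccountName } }
}
$report.AdminCountStamped = Get-ADUser -Filter 'adminCount -eq 1' -Properties adminCount |
    Select-Object -ExpandProperty SamAccountName

# 2. Inactive accounts that are still enabled (the real attack surface), and
#    disabled accounts that should be deleted once any retention period passes.
$report.InactiveEnabled = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) -UsersOnly |
    Where-Object Enabled | Select-Object SamAccountName, LastLogonDate
$report.Disabled = Search-ADAccount -AccountDisabled -UsersOnly | Select-Object SamAccountName

# 3. Enabled accounts whose password never expires; PasswordLastSet shows how old the secret is.
$report.PasswordNeverExpires = Get-ADUser -Filter { PasswordNeverExpires -eq $true -and Enabled -eq $true } -Properties PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet

# 4. Empty security groups. "Members" holds explicit members only, so a group that
#    is someone's primary group (e.g. Domain Users) will show up here; review before deleting.
$report.EmptyGroups = Get-ADGroup -Filter 'GroupCategory -eq "Security"' -Properties Members |
    Where-Object { $_.Members.Count -eq 0 } | Select-Object -ExpandProperty Name

# 5. Open shares on this host: share-level grants to Everyone / Authenticated Users.
#    The NTFS ACL (Get-Acl on the path) still needs checking; the more restrictive one applies.
$report.OpenShares = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -match 'Everyone|Authenticated Users' }
} | Select-Object Name, AccountName, AccessRight

# 6. LDAPS: attempt a TLS handshake on 636 and let the OS validate the certificate chain.
function Test-Ldaps {
    param([string]$Server)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, 636)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)   # throws on untrusted cert or name mismatch
        [pscustomobject]@{
            Server = $Server; Ldaps = $true; Protocol = $ssl.SslProtocol
            Subject = $ssl.RemoteCertificate.Subject
            Expires = $ssl.RemoteCertificate.GetExpirationDateString()
        }
    } catch {
        [pscustomobject]@{ Server = $Server; Ldaps = $false; Error = $_.Exception.Message }
    } finally { $client.Dispose() }
}
$report.Ldaps = Get-ADDomainController -Filter * | ForEach-Object { Test-Ldaps -Server $_.HostName }

$report
```

Each key of `$report` maps to one checklist item, so the output can be dropped straight into a findings table. A successful LDAPS handshake only proves that TLS is offered; whether clients are required to use it is controlled separately by the LDAP signing and channel binding settings on the domain controllers.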
How Can I Perform My Own Data Security Risk Assessment?
Gathering all of this information by hand across a large estate is time-consuming and error-prone, and it has to be repeated regularly to stay accurate. Some companies charge a lot for data risk assessment services. Thankfully, the data security market is maturing to the point where vendors now offer this service for free.
At Lepide, we offer a fully turnkey data security risk assessment, where you will be given a full report on potential vulnerabilities and advice on how to address them. There’s no obligation to proceed with the solution after the risk assessment process.
What have you got to lose?