According to a survey conducted on business losses from cyber-attacks, more than $450 billion was lost in 2017. Even knowing the danger of cyber-attacks, less than half of the companies surveyed believe they are prepared to deal with them. In this article, I’m going to list 5 security principles I believe will immediately help you prevent data leaks. When designing a security architecture to stop data leaks, many enterprise IT security teams either have a reactive mindset, where they focus on post-breach scenarios, or a proactive mindset, where they invest heavily in creating an impregnable network boundary. Though these approaches are perfectly fine, there is also a dire need for non-stop monitoring of data systems. You should assume your systems can be compromised at any time, and you should have an immediate response in place to deal with such incidents.
Given below are 5 major security principles that will help you prevent data breaches:
1. Prepare to strengthen your network
Determine the core functions of the company, where the core data resides and which teams handle that data. Once you have prioritized the data, assess its vulnerability and decide which security measures have to be put in place to secure it. Create and assign security roles such as a vulnerability owner, threat owner, risk owner, physical security owner and more. Determine how files and folders move across your network, both internally and externally, and document the findings. These steps will all help give you full visibility of your entire IT infrastructure.
2. Identify threat vectors and define threat indicators
Identifying and documenting threats is a significant part of your data security program. You should update any plan you have to include the latest security threats out there. For example, determine what threats your databases, network shares, mailbox servers, file servers, Active Directory servers and other components may face. Other threat areas are removable storage, mobile devices, printers, and other devices with the potential to move or export data. A few examples of data threats are privilege abuse, insider threats, viruses, hackers and others. You will have to correlate these threats with global security intelligence to come up with threat indicators and a response plan.
3. Analyze risk factors and create a response plan
After you have identified the threats and developed a means to detect them, the next task is to find out the risks of the potential losses when the threats become a reality. A few possible risks are: data leaks leading to brand disrepute, compliance regulation failure, financial penalties, legal troubles and more. After you have analyzed all the risk factors, create a response plan to deal with them. You can use LepideAuditor to roll back unwanted changes in Active Directory and restore entire Group Policy Objects.
4. Audit IT changes
Continuously audit user activities, file and folder accesses, system configurations and security policy changes to protect your data and immediately detect data breaches. The audit reports inform all stakeholders, including management, of the specific risks that may affect their business processes.
With regular auditing, you can detect internal and external threats as well as provide remediation procedures to limit the damage. Create both real-time alerts for immediate detection and threshold alerts to help you spot abnormal behavior. You can do this using Windows’ own tools or deploy a specialized Active Directory auditing solution such as LepideAuditor, which will help take away some of the stress through automation. It performs continuous auditing of Active Directory, Group Policy Objects, Exchange Server, SharePoint Server, SQL Server, Office 365, Windows File Server and NetApp Filer.
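As an added example of the "Windows’ own tools" route (this is illustrative code, not part of the original article and not LepideAuditor), the following PowerShell turns on file-system object auditing on a file server so that reads, writes and deletes on a share produce Security log events. The share path D:\Shares\Finance is a placeholder; run it in an elevated session on the file server.

```powershell
# Added example, not Lepide code: enable file-system auditing with built-in Windows tools.
# ASSUMPTION: the protected share lives at D:\Shares\Finance (placeholder path).
$SharePath = 'D:\Shares\Finance'

# 1. Enable the "File System" advanced audit subcategory for both success and failure.
#    Without this policy, SACL entries on folders produce no events at all.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add a SACL (audit) entry to the share so that file operations by any principal
#    generate event ID 4663 (object access) and 4670 (permission changes).
#    Auditing ReadData on a busy share is noisy; drop it if read volume is not a concern.
$rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', $rights, $inherit, $prop, $flags)

# Get-Acl -Audit needs SeSecurityPrivilege, which is why this must run elevated.
$acl = Get-Acl -Path $SharePath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 3. Verify both halves: the policy is on, and the SACL entry is present.
auditpol.exe /get /subcategory:"File System"
(Get-Acl -Path $SharePath -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize
```

For the real-time side, Event Viewer can attach a scheduled task to a specific event ID (right-click an event, "Attach Task To This Event"), which is the native way to fire a script or e-mail when a 4663 or 4670 arrives; threshold alerts need a query over a time window, which the forensic example under principle 5 shows.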
5. Respond to threats and restore systems
Perform forensic analysis of system events. Scan the audit logs of all file servers to find out the source of events and all useful audit information, including the “who, what, when and where” details. Once you have investigated the events and found out the causes, you can take corrective measures. You should also be able to undo unwanted actions if necessary. For example, LepideAuditor allows you to restore Active Directory and Group Policy changes to their original states. You can use it to clean up Active Directory automatically by handling obsolete user and computer accounts. Our solution also allows you to execute customized scripts (created in VBScript, PowerShell or a BAT file) whenever a user-selected event is captured.
If you need help with any of this, don’t hesitate to give one of our product specialists a call and arrange a one-on-one demo. We can show you exactly how our auditing solution can help you secure your IT environment and answer any questions you have.