Six Critical Mistakes That Could Lead to Data Security Breaches
There was a time, in the not-so-remote past, when data breaches happened only to certain companies and businesses and did not affect the layman in any way. Things have since taken a drastic turn, and we now live in a world where every company (big or small) and literally every individual can be hacked at any given point in time.
The number of successful data breaches is on the rise, and hackers are taking things to greater heights. With ransomware and other sophisticated malware at their disposal, hackers today endeavor to target thousands of companies and millions of systems across hundreds of countries at one go. Ensuring comprehensive data security has thus become a big challenge for any organization.
We’ve discussed at length how to prevent cyber breaches and ensure data security. Now let’s look at the issue from a different perspective and discuss the critical mistakes that organizations could make and thereby lead themselves to data security breaches:
1. When organizations achieve compliance and don’t want to go further…
Compliance, as we know, is vital to security. Organizations today accord due importance to security, but it sometimes happens that they spend their limited security resources on achieving compliance and then don’t want to go any further. An analysis of the security incidents of recent years shows that many of the companies that were attacked were fully compliant on paper.
2. When organizations show laxity towards fixing known vulnerabilities…
When the WannaCry ransomware struck worldwide last year, it was revealed that the hackers had exploited a known vulnerability in Windows that many had overlooked. This in itself shows the importance of fixing known vulnerabilities. Researchers tell us that it’s mostly known vulnerabilities that most hackers seek to exploit. Yet there are many organizations that don’t bother to fix vulnerabilities even months after patches have been released. This is a serious issue as far as the overall security of a company is concerned.
3. When organizations don’t understand the importance of centralized data security…
Centralized data security is almost a must for all organizations today, especially since a typical organization has a heterogeneous IT environment that constantly changes and grows, and helps the company grow. Enterprise-wide security that is centralized and well organized thus becomes an absolute necessity for all kinds of firms in a world where new sources and types of data get added almost every week. Moreover, with e-commerce activities in full swing, most companies today deal with customers’ sensitive personal data, which needs to be protected. For most companies, centralized data security is what today’s context calls for.
4. When organizations don’t pay much attention to assigning responsibility for data…
When an organization collects and deals with a considerable amount of sensitive data, it’s important that responsibility for the data and its security is assigned to someone, or at least to a specific department. But there are many companies where you won’t be able to find anyone in charge of the data at their disposal. This is critical to the overall state of data security.
5. When organizations overlook the importance of data activity monitoring…
Every organization that deals with sensitive data should accord due importance to monitoring data activity. Access to the data, as well as its use, has to be seen as a vital part of an organization’s data security strategy. There has to be proper monitoring of who accesses and uses data, and of how and when it’s accessed and used. This helps establish whether data activity is normal and detect any abnormal activity. There are many companies that overlook the importance of data activity monitoring and end up being targeted by hackers.
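The monitoring described above, sketched as an added example that is not part of the original article: it builds a per-user baseline of who accessed which table, when, and how much, then reports the ways a new event deviates from it. The record layout, user names, table names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (user, ISO timestamp, table, action, rows returned).
BASELINE = [
    ("alice", "2024-03-04T09:12:00", "customers", "SELECT", 40),
    ("alice", "2024-03-04T14:30:00", "orders", "SELECT", 120),
    ("bob", "2024-03-04T11:00:00", "orders", "SELECT", 300),
    ("bob", "2024-03-05T16:45:00", "orders", "UPDATE", 5),
]
NEW_EVENTS = [
    ("alice", "2024-03-06T09:40:00", "customers", "SELECT", 60),
    ("alice", "2024-03-06T02:17:00", "customers", "SELECT", 48000),
    ("bob", "2024-03-06T15:20:00", "payment_cards", "SELECT", 10),
    ("carol", "2024-03-06T13:00:00", "orders", "SELECT", 20),
]

def build_profiles(events):
    """Summarise who touched what, when, and how much, per user."""
    profiles = defaultdict(lambda: {"tables": set(), "hours": set(), "max_rows": 0})
    for user, ts, table, _action, rows in events:
        p = profiles[user]
        p["tables"].add(table)
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["max_rows"] = max(p["max_rows"], rows)
    return dict(profiles)

def review(event, profiles, hour_slack=2, volume_factor=10):
    """Return the reasons an event deviates from its user's profile."""
    user, ts, table, _action, rows = event
    p = profiles.get(user)
    if p is None:
        return ["unknown_user"]  # no baseline: route to a human, do not ignore
    reasons = []
    if table not in p["tables"]:
        reasons.append("new_table")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance on the 24-hour clock to the nearest hour seen before.
    if min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"]) > hour_slack:
        reasons.append("unusual_hour")
    if rows > volume_factor * max(p["max_rows"], 1):
        reasons.append("volume_spike")
    return reasons

def flag_events(baseline, new_events):
    profiles = build_profiles(baseline)
    return [(e[0], e[1], r) for e in new_events if (r := review(e, profiles))]

if __name__ == "__main__":
    print(flag_events(BASELINE, NEW_EVENTS))
```

Each flag carries its reasons, so an analyst can see whether the deviation lies in who, what, when or how much rather than receiving a bare alert.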
6. When organizations don’t understand the importance of employees’ involvement in the data security process
The data security process works perfectly well only with the participation and proper involvement of the employees of an organization. Hence every organization should endeavor to teach and train its employees in the various aspects of data security. Many companies, however, don’t do this, and small mistakes committed knowingly or unknowingly by employees sometimes lead to massive data breaches.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, has written technical articles, and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.