In the wake of the Colonial Pipeline hack and the numerous stories of unauthorized data being transferred out of a company, I have had many clients ask, “what security features should I implement or make sure are implemented to ensure data leakage prevention?” To answer this question, we must first understand what ransomware attacks and data leakage are and how they typically happen.
In a ransomware attack, malware is usually installed on the organization’s system to lock a company out of its systems until such a ransom is paid, costing companies billions of dollars. On the other hand, data leakage is the unauthorized transmission of data from an organization to an external destination or recipient. These data leakages can happen through the web, email, mobile devices, USB keys and laptops. Data leakages, just like ransomware attacks, also can cost an organization revenue, a tarnished reputation, financial penalties and may also open them up to lawsuits, not to mention potential trade secrets and IP losses.
To mitigate these security breaches, organizations often must play defense actively. Perpetrators only have to be right once to win in this cat and mouse game. There are numerous security controls that the organization can implement, whether they are hardware or software based. In addition to these controls, it takes an organizational commitment to train users on these types of potential attacks and how everyone can actively help prevent them. Going back to the initial question of, “how can we protect our organization today?” To ensure data leakage prevention, there are three main security features to look at if they haven’t already been implemented.
Multi-Factor Authentication (MFA) adds a layer of security to the sign-in process of applications, devices and servers. When accessing such systems, the user must provide an additional identity factor such as scanning their fingerprint or receiving a code by phone or text. Therefore, if a hacker has breached an application or server by compromising usernames and passwords, they will not gain entry to that system because they will not be able to validate that they are the actual user and effectively be denied access to the system.
Conditional Access Policies
Conditional Access Policies is a way of securing your network by leveraging identity signals to enforce access policies to your network based on IP locations, devices or applications. For example, you can block access to your data or networks based on where the user is located or the type of device they are using to log into your network. So, for example, if you don’t have users outside of the continental U.S., you can enforce a policy restricting access from any other country. You can also block any user devices or specific platforms from accessing your organization’s network that is not approved or have the adequate security features required by your organization.
Data Loss Prevention
Data loss prevention (DLP) is a compliance feature designed to help your organization prevent unintentional or accidental exposure of sensitive information to unwanted parties. For example, any document containing credit card numbers, social security numbers, Personal Identifiable Information (PII) or any other sensitive information stored in your organization can be prevented and blocked from being shared or sent out of your organization automatically.
With the endless number of sophisticated ransomware hacks and data leakage, you must protect your organization and implement the necessary controls so that you can sleep peacefully at night. At Withum, we have the expertise to understand your existing environment, make the appropriate recommendations and implement a comprehensive top-down approach on security to stop the intruders and leakage of sensitive information from your enterprise.
Contact a member of Withum’s Digital and Transformation team today.
Technology and Digital Transformation Services