5 Steps to Ensure Your Enterprise Data Security

It’s never been more important for large enterprises to have a comprehensive data security strategy. In today’s environment, the majority of cybercriminals aren’t out merely to cause disruption – they’re specifically targeting firms’ most valuable digital assets, either to sell on for direct financial gain or to use as extortion material.

This matters because the costs of failing to protect your enterprise data from cyberthreats can be enormous. For the largest companies, mitigation and recovery efforts can easily run into millions or even tens of millions of dollars. The repercussions can also last for years, with reputational damage, regulatory penalties and class-action lawsuits all contributing to ongoing costs.

As a result, it’s vital that cybersecurity strategies are updated to focus on protecting sensitive data from the newest tactics being used by today’s highly organized hacker and ransomware groups, who are constantly refining their skills to evade traditional methods of detection.

Data security refers to a wide range of efforts enterprises must undertake in order to protect against the loss of sensitive details, which may include assets such as:

• Customer and employee personally identifiable information
• Financial details
• Intellectual property
• Trade secrets
• R&D details

For most firms, the volumes of information they possess will have grown exponentially over recent years, thanks to big data and cloud applications that make it easy to collect, store and process very large data sets.

However, a key challenge for many enterprises is that their existing security landscape was not built to cope with this new environment. Many programs may have been designed when an organization was smaller, or prior to it undergoing significant changes in how it operates. What was fit for purpose even a couple of years ago may no longer be up to the job.

As companies evolve and grow, a range of new challenges open up. Larger businesses mean more users and touchpoints, and these often require a different approach to data security. Meanwhile, the post-pandemic era has seen a huge increase in trends such as remote and hybrid working, which opens up a wide range of additional – often unprotected – endpoints for cybercriminals to target. Therefore, understanding where any new gaps may appear is critical to building a modern data protection solution.

In order to address these cybersecurity challenges and avoid a potentially costly data breach, there are a series of steps that businesses must take. A good data protection plan will be wide-ranging, covering everything from accidental data loss to how to respond if first lines of defense fail. 

However, there are a few essential steps that no program can afford to overlook. Here are five key areas enterprises need to address to stand the best chance of defeating hackers.

A critical first step must be to have a complete understanding of exactly what data you possess, where it’s stored and processed, and how it’s currently secured. You can’t protect what you can’t see, yet almost all enterprises suffer from ‘shadow IT’ to some extent, where individual teams of employees adopt their own unauthorized storage solutions or applications.

The UK’s National Cyber Security Centre offers specific guidelines on how to conduct a data discovery and risk assessment, with an emphasis on finding this data and bringing it within the scope of enterprise security solutions, rather than reprimanding staff for using unsanctioned devices or services.

This isn’t a one-time activity – it should be conducted on a regular basis to ensure any new devices, cloud storage solutions or other tools are fully visible and accounted for.

Human error remains the biggest cause of enterprise data security breaches. All it can take is one mistake for even a large enterprise to be badly compromised, and cybercriminals are well aware of this. For instance, there are a wide range of social engineering tactics cybercriminals can use to gain passwords, bypass access controls or even convince employees to hand data over directly.

Email phishing attempts may be the most common, but other avenues should not be overlooked. And as human error is a factor in around 95 percent of data breaches, enterprises need to ensure they have a comprehensive strategy in place to educate employees about the risks and what telltale signs they need to be on the lookout for.

This should involve ensuring employees understand their role in data security – and this applies to everyone, regardless of the level of access they have. It’s also important to test individuals frequently to make sure the message is sinking in.

While prevention is always better than cure, firms can’t simply assume their defenses will provide 100 percent protection. Therefore, a clear plan that details how to respond to any cybersecurity incident is essential in ensuring that any damage is minimized and normal operations can be resumed as quickly as possible.

This should include a clear step-by-step plan for what to do in the event of a malware incident – such as isolating systems from the network, ensuring all evidence is preserved and preventing the spread of any infection. It should also detail how backups should be accessed to recover data and set out who should be responsible for informing all relevant parties, from employees to regulators and law enforcement.

Preventing unauthorized access to your sensitive data isn’t just about stopping hackers at the perimeter. It also means guarding against dangers that are already within your network. This may include criminals who’ve been able to bypass defenses through the use of compromised credentials, as well as the risks posed by an insider threat – i.e., someone with legitimate access to your system who may want to do harm.

To address these issues, strong access control policies are essential. This should include basic safeguards such as the use of strong passwords and multi-factor authentication to ensure hackers cannot use stolen credentials to bypass defenses. 

However, it should go beyond this with concepts such as role-based access control and the principle of least privilege, which ensures account holders are not able to access data that is not necessary for their work. Strong monitoring tools to spot any suspicious login attempts or access requests are also important in preventing criminals from getting their hands on sensitive information.

Data encryption plays an essential part in keeping sensitive information safe from threats, as this ensures that even if criminals are able to breach initial lines of defense, the assets they find will be of no use to them.

The most mission-critical data should be protected by tough encryption at all times, including both in storage and when being transferred. However, it’s not usually practical to apply the strongest defenses to every piece of data, so firms should use the insight gained from data discovery and classification activities to prioritize their efforts accordingly.

In order to ensure a comprehensive enterprise data security solution, firms will need to deploy a range of technology tools to protect information at every stage. This includes perimeter defense, monitoring tools and endpoint protections. However, companies also need to take steps to protect data in the event they do suffer a perimeter breach. Some of the key components of this are as follows:

Preventing data from leaving the network is an essential last line of defense against threats like ransomware. Dedicated anti data exfiltration (ADX) solutions work across every endpoint and analyze all traffic exiting the business for suspicious behavior. When anything out of the ordinary is spotted, the attempts can then be automatically blocked.

The ability to spot when a user is trying to view or download data they shouldn’t have access to can help track otherwise hidden attacks that have bypassed perimeter defenses, as well as identify malicious insiders. Solutions that can automatically log any activities and flag suspicious behavior, such as multiple failed login attempts, actions at unusual times or from odd locations, or large volumes of requests for data, are vital in this.

Data masking aims to prevent the exposure of sensitive data by creating realistic but inauthentic versions of critical information. Using this data, as opposed to real customer or business assets, is vital when testing software, while it will also be especially important for firms that need to comply with strict regulations such as HIPAA.

Effective backup and recovery tools are essential in ensuring that, if data is deleted, encrypted or otherwise corrupted by ransomware, it can be recovered as quickly as possible. It’s important to determine how often backups should be made – with the most important data backed up most frequently, or even continuously.

There have been a huge number of examples over the years of what can happen when large firms neglect their data security strategy, and the huge financial and reputational costs this can create.

For example, among the costs of Equifax’s 2017 breach was a $575 million settlement with the FTC in 2019, which included a minimum of $300 million in compensation to affected users. Meanwhile, in the UK, British Airways was hit with a £183 million fine from the country’s regulator after customer financial details were stolen, though this was later reduced to £20 million on appeal.

Last year’s attack on MGM Resorts also showcased the damage that social engineering attacks can cause. In that case, access was said to be gained via a voice phishing scam, leading to disruption across its Las Vegas hotels and casinos that lasted several days and cost over $100 million.

These incidents – and the many more data breaches and ransomware attacks that occur every year – all highlight the need for comprehensive enterprise data security. They illustrate the wide range of attacks that cybercriminals can use to breach defenses, meaning organizations cannot rely on any single solution. Instead, a holistic approach that includes multiple layers of defenses is required to protect against evolving threats such as ransomware.