Your data is worth a fortune on the dark web. What are the best practices to adopt for your company’s cybersecurity?
To protect your computer data, make sure you have a good computer security posture.
Understanding how cybercriminals work is key to ensuring that your corporate computer data is safe. How do they gain access to your data?
They steal your identity information, either by using phishing emails sent to your users or by exploiting vulnerabilities in systems and applications that may be out of date. They then determine which of your data are the most sensitive so they can exploit them.
Here are some best practices to improve your protection.
Classify your data by importance
The first step in a process to improve your computer security posture is to classify your data by importance. Here are a few key questions you need to answer BEFORE starting to implement efficient controls in a governance context:
- What needs to be protected?
- What is the level of sensitivity?
- Where is the data?
- Who has access to the data and when was the last time they accessed it?
Once you are able to properly answer these questions, you can begin to build a defence system to protect your most critical data according to your organization’s risk level. Too often, organizations spend a lot of money on controls to mitigate attacks, without ever taking that crucial first step.
Be aware of internal threats
A ransomware attack is the act of breaking into your systems and taking over your data by encrypting it and compromising your backups.
The criminals will demand a ransom in exchange for the encryption key that will allow you to recover your data. However, in many cases, even if you pay the ransom, your data will already have been made available to other criminal organizations on the dark web. This is the multiple extortion model, in which a second lever can be applied through blackmail or, worse, you can lose access to your data forever, since criminals find selling this data on the dark web more worthwhile. This is why it’s important to protect yourself against it.
However, the threat to your data can also come from within and you must also take this into account in your protection plan. Here are a few examples.
Careless workers
Careless workers may unintentionally put the organization at risk:
- storing sensitive data on an unencrypted USB drive or disk;
- leaving a laptop or other device unattended where that data could be stolen;
- leaving confidential documents on a desk.
Employees who leave
Employees who are terminated or voluntarily leave could take organizational data with them:
- intellectual property or organization data generated or used by the employee;
- customer lists;
- trade secrets.
Hindrance to productivity
Employees could circumvent security because it hinders their productivity:
- saving files to a personal hard drive;
- using applications not approved by the organization;
- unapproved collaboration.
Malicious employees
Malicious employees who have a grievance against an organization may choose to act on it:
- disclose confidential data;
- commit sabotage;
- alter or delete sensitive data.
Infiltrators
Infiltrators working on behalf of an outside group may want to commit a data breach or other industrial espionage attack and allow that group to gain access and user privileges. These insiders may be:
- malicious;
- deceived through social engineering;
- coerced through bribery or blackmail.
Third-party partners
Note that third-party partners can pose the same threats and cause the same damage as an organization’s employees with similar access.
According to Threatpost, 94% of organizations provide their vendors, suppliers, business partners and others with access to their networks and systems, and 72% of these third parties have elevated permissions on those systems.
If they have poor cybersecurity hygiene, they put you at risk every time they log into your systems.
Choose the best means of protection
Once you have classified your data, there are practical and simple ways to protect your most sensitive and critical data from any type of attack.
Encryption
Make your data virtually unreadable by anyone who doesn’t have the key, both while in storage and while in transit or in use.
Secure, offline backups
Make sure your backups are not only online; otherwise, they could also be compromised, making them impossible to restore.
Eliminate unauthorized file editing, deletion and movement
If you are using Active Directory (AD), there are simple solutions to protect your unstructured data and set up monitoring of your dark web footprint.
Email threat filtering
No single solution can eliminate all malware and attacks, but by eliminating most of them, you will significantly reduce your attack surface and risks.
User awareness
Your users have phones, tablets and social media accounts. Make sure they are aware of the dangers these pose to the organization.
Password policy
How many of your users have the same password for work, their social media or their bank accounts?
Multi-factor authentication
A static second factor is no longer sufficient and hasn’t been for a long time. You need a solution that incorporates time, location and other attributes to prevent remote access to your data.
Third-party suppliers and super-administrator access
You need an approval process for all external and internal access to sensitive systems, as well as a complete audit trail and indexed log of every action, including orders.
24/7 detection and response management year round
Monitoring of your files, desktops, servers, networks, mailboxes, and user behaviour should be ongoing and include real-time automated risk mitigation, isolation and remediation.
Zero trust model
This innovative security model ensures a secure connection by eliminating transitive trust and continuously identifying and authenticating each device and user before granting them access to network applications. Your onsite and remote users can securely log in to their work environment with trusted user and endpoint identification and multi-factor and biometric authentication.
You need to construct layered data protection with redundant controls to make it more difficult for cybercriminals to access your data. No single solution will eliminate all threats. However, knowing what your IT security posture is and what IT data needs to be protected to ensure your business’s health provides your organization with solid protection against cyberattacks.
This article was written in collaboration with Harold Walker, Senior Director of VARS, a subsidiary of Raymond Chabot Grant Thornton, specialized in cybersecurity.