Beyond Backup and Recovery: Keeping Your Data Safe from External Threats

The foundation of a business is data: products, services, and most importantly, customers. Many business owners recognize the need to invest in data protection, including robust backup and recovery solutions. This reflects a concern for potential data loss. However, what if the data is discovered, or worse, taken without permission? What happens when unauthorized individuals gain access to data that is proprietary or otherwise confidential?

Before we discuss what malefactors do with stolen information, it may be helpful to explore how they might go about acquiring it in the first place.

One very common method of collecting sensitive information is phishing. Unlike regular spam emails, phishing emails tend to have a threatening tone. The reason for this is simple: they want you to click on the link before you have time to stop and think about it. To make matters worse, spammers will often impersonate trusted senders, such as executives and clients.

Once you’ve clicked the link, you may arrive at a website that is all too familiar: perhaps it’s Facebook, or a banking website. The only problem is that it’s not; it’s an impostor. While it may look just like the real thing, any information you provide is captured by the spammer and can thereafter be used as they see fit.

Another method is to look for data that has been made public by mistake. If permissions have been configured improperly on the server hosting the data, then anyone with Internet access and the web address may be able to view the data. In other cases, the public exposure is unintentional, but perhaps more importantly, it can be just as preventable. While no one enjoys the process of updating software, it is a crucial part of keeping a system and its data secure. An unpatched vulnerability can allow even individuals with limited knowledge to hack a system and extract data. The Heartbleed bug reported in 2014 was just one incident among many.

Once they have your data, what do they do with it?

Surprisingly, some individuals disseminate their findings free of charge. For example, the group behind the Ashley Madison data breach made the stolen information available to the public via popular torrent sites. Alternatively, many perpetrators have a financial motive. Once they have the data, they may try to sell it or demand that a ransom be paid in exchange for keeping the data private.

Of course, regardless of how they intend to use the data, we would much prefer that they never have it in the first place. So, what can you do to protect your most valuable asset?

1. Practice Good Security Hygiene

   Every individual in an organization has a responsibility to protect the data they access. This includes using strong passwords and handling email with care. Staff members should understand how to distinguish suspicious email from legitimate email. While spam filtering solutions are essential and help to prevent the majority of spam emails from being delivered, they cannot provide complete protection. Additionally, staff should be encouraged to contact the sender via a different channel if they have any doubts regarding the authenticity of an email.

2. Follow News Related to Computer Security

   While some vulnerabilities and data breaches go unreported, those that are exposed make headlines. Try to keep tabs on these events and discuss them with your team. Understand what the organization did wrong and how your organization can avoid making the same mistakes.

3. Confirm That the Team Responsible for Your Data Follows Best Practices

   If you find technology news difficult to follow, then start a discussion with the team responsible for managing your data. Ask questions and seek their recommendations.