Data loss or theft can be a worrying experience for any business. As major retailers, including Home Depot, Staples and Kmart, as well as banks and healthcare organisations have already experienced in the past year, cyberattacks can occur at any time and come from any source.
Unfortunately, you can’t have it all in the modern world, because it’s impossible to automate your data and stay competitive if you insulate yourself from digital technology. Data collection is simply a part of today’s way of life that we all have to accept, but still, businesses increasingly need to guarantee a high level of security and protect the privacy of individuals.
Fortunately, data theft can sometimes be avoided or simply kept to a minimum. The following is a list of things that companies can do to avoid data theft:
- Limit data sharing with third parties
- Encrypt online payment pages
- Ignore suspicious or unknown emails
- Limit the number of sites you share your credit card information with
- Avoid giving out too much personal information on social media sites
- Change PINs and passwords frequently
- Freeze accounts that you suspect may be compromised
- Monitor accounts for questionable charges
Once you have adopted these simple guidelines, it is important that you continue to be vigilant against data theft, because hackers resort to all kinds of methods to penetrate corporate databases. To protect your databases as much as possible, you should apply the following five steps when a data theft is suspected:
- Communication is an important factor after a data theft: inform all employees that a data breach has occurred and that you as a company take responsibility for it. Also be open and clear about why this data theft could happen. Then you should inform the affected users about how they can clear up the impact of a data theft. Finally, have an honest discussion with your staff about the source of the problem in an effort to avoid similar problems in the future.
- Consult your IT engineers: Forensics is crucial to analyse network traffic and find out why such a data breach occurred. Therefore, be proactive and save all your organisation’s traffic, including all data packets, for later analysis. The archived traffic can then be reviewed by security experts to detect anomalies and determine where and when a data breach occurred.
- Use a proactive security system: Although firewalls can prevent certain types of external attacks, they will do nothing against malware that has infiltrated the organisation’s network. A multi-layered approach that includes a hierarchical search by date, event, IP address and extent of damage is the best way to address security solutions.
- Review the data that was stolen to determine the extent of the damage: Change all passwords and contact your credit bureaus to inform them that a data theft has occurred so that appropriate action can be taken. Also contact all financial institutions, such as banks and credit card companies, immediately to prevent unauthorised transactions.
- Finally, most countries have passed laws dealing with data breaches, which include, for example, that a person who has been a victim of data theft must be notified immediately. Make sure your employees have also signed a confidentiality and non-disclosure agreement to avoid further liability should an employee be responsible for the data theft. In addition, having a privacy policy in place will be the first step in protecting data in the future.
- While corporate data theft increases in number and severity, access to the original data packets is critical to quickly identify the source and extent of security incidents on the network. With its unique ability to capture and store critical network traffic from hundreds of alerts per day, Savvius Vigil 2.0 is the only solution to provide network traceability in the event of a data theft that occurred so far in the past that the network traffic that occurred is no longer available with traditional solutions.