
Outcome 3 - Damage Mitigation and Whitelisting v Blacklisting - Week 8

Mitigating the damage of a data breach

Businesses should have a clear strategy on how to deal with a breach, since many experts believe it’s not a matter of if but when one will occur.

You want to have a plan in place before something like this happens, so when an event does happen, you know what to do and how to limit liability as much as possible.

All employees should be trained on cybersecurity best practices, from knowing how to spot phishing emails to setting strong passwords and using multi-factor authentication. Frequent backups, including offline backups, are also important so that files can be restored in the event of a ransomware attack.

The two main strategies for devaluing data are encryption and tokenization. Encryption is typically used to secure data in transit, while either encryption or tokenization can be used to secure data stored in systems. Both tactics make data indecipherable to attackers, so even if they access the data in the case of a malware or ransomware attack, they can’t sell it on the black market or commit fraud.
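The following is an added example, not part of the original post, showing what "devaluing" stored data by tokenization looks like in practice. A small in-memory vault (a stand-in for a dedicated tokenization service; a real vault would also encrypt what it holds at rest) swaps each card number for a random token, and the application database keeps only the tokens. The customer records and the vault key are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed sample data for this example: two customers with test card numbers.
SAMPLE_CUSTOMERS = [
    {"name": "Alice Example", "card_number": "4111111111111111"},
    {"name": "Bob Example", "card_number": "5555555555554444"},
]


class TokenVault:
    """Hypothetical tokenization vault (constructed for this example).

    Sensitive values are replaced by random tokens. The mapping from token
    back to value lives only in the vault, which is deployed and guarded
    separately from the application database that stores the tokens.
    """

    def __init__(self, vault_key: bytes) -> None:
        self._key = vault_key
        self._token_to_value: dict[str, str] = {}
        # Keyed hash of value -> token, so the same value always gets the
        # same token without keeping the plaintext as an index key.
        self._value_index: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        lookup = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        if lookup in self._value_index:
            return self._value_index[lookup]
        # The token is random: it carries no information about the value.
        token = "tok_" + secrets.token_hex(16)
        self._token_to_value[token] = value
        self._value_index[lookup] = token
        return token

    def detokenize(self, token: str) -> str:
        # Only callers with access to the vault can recover the original.
        return self._token_to_value[token]


def tokenize_records(vault: TokenVault, customers: list[dict]) -> list[dict]:
    """Build the records the application database would actually store."""
    return [
        {"name": c["name"], "card_token": vault.tokenize(c["card_number"])}
        for c in customers
    ]


def exposed_sensitive_values(records: list[dict], customers: list[dict]) -> list[str]:
    """Simulate an attacker who copied the application records: which
    original card numbers appear anywhere in the stolen data?"""
    dump = repr(records)
    return [c["card_number"] for c in customers if c["card_number"] in dump]


if __name__ == "__main__":
    vault = TokenVault(b"constructed-vault-key-for-example")
    stored = tokenize_records(vault, SAMPLE_CUSTOMERS)
    print(stored)
    print("exposed:", exposed_sensitive_values(stored, SAMPLE_CUSTOMERS))
```

The point of the simulation at the end is the one the paragraph makes: a breach of the application database alone yields tokens that cannot be sold or used for fraud, because the value is only recoverable through the vault.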


How to recover from a data breach

Contain the breach

As soon as the breach is detected, identify how the incident happened. This allows you to take appropriate action to prevent any further damage.

Assess the risks

Once the threat has been contained, the extent of the damage and how to proceed should be discussed. The relevant details to establish are:

  • What type of data is involved;
  • How sensitive the data is;
  • Approximately how many people’s data is affected;
  • Who is affected (customers, staff, suppliers, etc.);
  • Whether the information contains financial information or other high-risk data;
  • Whether the stolen data is encrypted; and
  • Whether the organisation backed up the data.

Notify regulators

Under the GDPR, a data breach that is unlikely to result in a risk to the rights and freedoms of individuals does not need to be reported to the ICO. Affected individuals should be informed only where the breach is likely to result in a high risk to them.

Prepare for the future

After responding to an incident, appropriate action should be taken to prevent future breaches. This might include investing in better security technology, updating policies, or making staff more aware of their cyber security responsibilities.

Whitelist and Blacklist

What Is Blacklisting?

The blacklisting approach involves defining which entities should be blocked. A blacklist is a list of suspicious or malicious entities that should be denied access or running rights on a network or system. The blacklist approach is threat-centric, and the default is to allow access. Any entity not on the blacklist is granted access, but anything that’s known or expected to be a threat is blocked.

When to Use Blacklisting

Blacklisting is the right choice if you want to make it easy for users to access your systems, and you want to minimize administrative effort. If you value those things more than having the most stringent access control possible, choose blacklisting.

What Is Whitelisting?

Whitelisting tackles the same challenges as blacklisting but uses the opposite approach. Instead of creating a list of threats, you create a list of permitted entities and block everything else. To create a whitelist for the network level, you need to consider all of the tasks that users need to perform and the tools they’ll need to complete them.

When to Use Whitelisting

If, on the other hand, you want to maximize security and don’t mind the extra administrative effort or limited accessibility, whitelisting is the best choice. Whitelisting is ideal when stringent access control and security are crucial.
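To make the trade-off described in the blacklisting and whitelisting sections concrete, here is an added example (not from the original post) that evaluates the same set of execution attempts under both policies. The scenario is application control on an endpoint; the executable names, the approved list and the known-bad list are all constructed for the example, and real products would match on file hashes or signer certificates rather than names.

```python
from __future__ import annotations

# Constructed lists for this example.
KNOWN_BAD = {"knownmalware.exe"}                  # the blacklist
APPROVED = {"word.exe", "excel.exe", "chrome.exe"}  # the whitelist

# Constructed execution attempts, including two binaries on neither list:
# a legitimate tool nobody approved yet, and a threat nobody has seen yet.
EXECUTION_ATTEMPTS = [
    "word.exe",
    "knownmalware.exe",
    "newtool.exe",
    "unseen-threat.exe",
]


class DenyListPolicy:
    """Blacklisting: threat-centric, default allow."""

    def __init__(self, blocked: set[str]) -> None:
        self.blocked = set(blocked)

    def allows(self, entity: str) -> bool:
        return entity not in self.blocked


class AllowListPolicy:
    """Whitelisting: default deny, only listed entities run."""

    def __init__(self, permitted: set[str]) -> None:
        self.permitted = set(permitted)

    def allows(self, entity: str) -> bool:
        return entity in self.permitted


def evaluate(policy, attempts: list[str]) -> dict[str, bool]:
    """Map each attempted entity to the policy's allow/deny decision."""
    return {entity: policy.allows(entity) for entity in attempts}


def unknown_entities(attempts: list[str], blocked: set[str], permitted: set[str]) -> list[str]:
    """Entities on neither list: exactly where the two policies disagree."""
    return [e for e in attempts if e not in blocked and e not in permitted]


def disagreements(attempts: list[str], blocked: set[str], permitted: set[str]) -> list[str]:
    deny = evaluate(DenyListPolicy(blocked), attempts)
    allow = evaluate(AllowListPolicy(permitted), attempts)
    return [e for e in attempts if deny[e] != allow[e]]


if __name__ == "__main__":
    print("deny list :", evaluate(DenyListPolicy(KNOWN_BAD), EXECUTION_ATTEMPTS))
    print("allow list:", evaluate(AllowListPolicy(APPROVED), EXECUTION_ATTEMPTS))
    print("unknowns  :", unknown_entities(EXECUTION_ATTEMPTS, KNOWN_BAD, APPROVED))
```

Both policies agree on the entities that appear on a list. They differ only on the unknowns: the deny list lets the never-seen threat run (the cost of default allow), while the allow list blocks the legitimate new tool until an administrator adds it (the administrative effort and limited accessibility the section describes).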

This post is licensed under CC BY 4.0 by the author.