Thales eSecurity Blog

Halloween: The curse of data

Gary Marsden | Cloud Services Director More About This Author >

We’ve all watched a horror film and said “why are you doing that?!” as the main characters walk aimlessly down to a basement filled with chain saws or shouted, “are you stupid?!!” as they decide that it’s a good idea to hitchhike alone in the dark. While these fictional horror stories are created simply to frighten the audience, real-world businesses are just as guilty of making naïve decisions when it comes to protecting sensitive data, but with very scary consequences that exist.

So, what are the common mistakes that businesses are making when it comes to data protection?

Silence of the Leaders

  • The classic mistake – One of the biggest mistakes businesses can make is assuming that they’ll be fine, and they won’t get caught by the bad guy. In fact, this is far from the case and it’s a matter of if, not when, a business is breached.
  • How to survive – Rather than walking down that dark alley assuming they’ll be fine, businesses need to educate themselves on the threats out there and start taking a security first approach. This starts from the top down – if the board isn’t invested, how can they expect the rest of the business to be?

Nightmare on Data Street

  • The classic mistake – A common mistake many businesses make is not understanding where their data is stored in the first place. If they don’t know where their data sits, how can they protect it?
  • How to survive – With more data sitting in the cloud, the scope of where a business’ data sits is far greater than ever before and is more difficult to track exactly where it is. Therefore, the first step a business must take before implementing any cybersecurity strategy is to conduct a data sweep. This helps a business understand what data it has collected or produced and where the most sensitive parts are stored.

Don’t Purge the Law

  • The classic mistake – With GDPR now firmly in effect for over a year and other regulations taking shape, those that think even if a breach happens, they won’t have to tell anyone are badly mistaken. Under new data privacy laws, any breach must be publicly acknowledged and reported to the authorities. Businesses are now vulnerable to dealing with stolen data, as well as potentially a reputational hit with customers and a financial hit from regulatory fines.
  • How to survive – Businesses need to gain a deep understanding of their responsibilities and the rights of customers. These new regulations have moved the control of data from the business to the customer, so there needs to be a concerted effort to ensure the rules are being followed the right way.

Knock Knock

  • The classic mistake – A big misconception amongst business leaders is that the perimeter security installed will protect the company and its valuable assets. This isn’t true. Much like in the films, if the bad guy wants to get through the door, he will door (i.e. Jack Nicholson in The Shining). Once that happens, sensitive data becomes ripe for the picking.
  • How to survive – Instead of focusing on the perimeter, businesses must protect their sensitive data at its core. This means implementing simple, but robust security protocols such as encryption and two-factor authentication. By encrypting data and securing access to it through authentication controls, any data that is stolen becomes useless to the hacker trying to obtain it.

What Lies Beneath

  • The classic mistake – Another key mistake many businesses make is to protect their data, but then essentially leave the key in the front door or under the mat. This happens by placing the encryption keys, created after the data is encrypted, right next to the data.
  • How to survive – Encryption is only as good as the key management strategy employed, and companies must ensure they are kept safe in secure locations — in external hardware away from the data itself.

Don’t React 28 Days Later (To Back Up Your Data)

  • The classic mistake – Failing to backup data is a cardinal sin for a company. Without a backup, a business would need to pay a ransom for the return of encrypted data, potentially costing thousands or more!
  • How to survive – The best way to avoid this is to simply put backup processes in place now, not after the data is taken, so if encrypted data is ever stolen, the hacker can’t access it and the company can use the backed-up version.

We go to the cinema to escape to a fictional world, but there’s no escaping the ramifications of a data breach. Businesses need to avoid making ghastly mistakes that can result in real terror when it comes to customer loyalty and their bottom line.