30 Mar 3 Things to Know About Data Breaches (and How to Plan for Them)
3 Things to Know About Data Breaches
(and How to Plan for Them)
30 March 2021· 4 min read
In our last blog post, we discussed how the pandemic accelerated digital transformation and adoption by as many as five years. Virtual collaboration platforms like Microsoft Teams took off as workers around the globe settled into remote routines.
2020 saw an uptick in cyber-attacks and hacking related data breaches. This phenomenon was so prominent that many experts claimed we were living in a “Cyber Pandemic.” On average, these breaches cost nearly $4 million per attack and exposed countless amounts of data. As the number of daily active users on Teams grew to 115 million in a span of only a couple of months, so too did the frequency and size of data breaches.
While the cost of these breaches can be immense, there are steps you can take to plan, contain, and mitigate the effects of these attacks.
Here are three things to know about data breaches, and what you can do to plan for them.
Don’t Let Lack of Information Hurt You, Assign Data Context
We’ve all gotten a few suspicious looking emails in our inbox from time to time. Subject lines promising us “BIG DEALS” or a “FREE IPHONE” if we fill out a survey are about as big of a red flag as you can get. Generally, the best practice when you receive an email that seems fishy is if you don’t recognize the sender, don’t open it. A similar tactic should be taken with company projects as well.
Proper governance starts with applying context to your data. Too often, companies rely on manual contextualization to confirm whether the proper individuals are given access to a project. Instead, organizations should practice assigning rich metadata to projects across collaboration systems.
Rich metadata allows you to apply specific tags and classifiers to projects so that you can designate where the documents should be stored, and who has access. This allows organizations to set security on a “need-to-know” basis with designated projects and avoid playing guessing games that can lead to data being exposed to the wrong parties.
This metadata also allows end-users and risk management teams to filter and locate Teams, Channels, folders, and documents so they can quickly join in on the collaboration process or apply necessary security measures.
Hackers Prey on Disorganization, Invest in Mitigating Data Chaos
There’s a tendency to picture hackers as stealthy spy-like agents straight out of Swordfish or the Mission Impossible series. After all, such devastating attacks must be done by highly funded professionals, right? Not exactly.
While nation-state cyber-attacks like Solarwinds and the Microsoft Exchange hack are on the rise, the majority of these incidents still come from independent hackers. Most cybercriminals operate with as little as $34 per month.
You may think that for a cost that low, there’s no way that the damage could be that great. In truth, even a small investment like that can turn around an average of $25,000 dollars for hackers. With returns like that, it’s no surprise that there is an attempted cyber-attack every 39 seconds in the United States.
These hackers often exploit two of the greatest weaknesses in any security system: human error and disorganization. Many companies use collaboration platforms like Microsoft Teams without properly managing and governing their data. Without designated channels to save their documents, users wind up saving to their personal drives. Soon, data becomes cluttered, disorganized, and susceptible to hackers.
Governance goes hand in hand with provisioning. Once you’ve applied rich metadata to your documents and projects, they must be stored in the proper channels. Automatic provisioning of projects with consistent folder structures and naming conventions rids your organization of inconsistencies that leave data exposed.
Provisioning ensures that data, documents, and projects are funneled into secure locations that can be easily identified should an attack occur. It also keeps data out of unprotected personal folders.
Most Breaches Go Undetected for Months, Have Systems in Place
Once again, Hollywood may have a role in distorting the way we envision what takes place during a data breach. How many times have we seen on the silver screen a scene in which a hacker breaks into a database by smashing some keys and is immediately met with a flashing “INTRUDER ALERT” message.
If only it were that simple to detect an attack. In reality, cyber-attacks and data breaches can go undetected for months.
The average data breach lasts 207 days before detection. That’s more than half a year in which your data is at the mercy of malevolent hackers. They can copy it and delete it, potentially forcing you to pay enormous ransoms to get it back.
By that point, the damage is astronomical. When we add the costs of a data breach, notifying clients and other stakeholders, you’re looking at a cost of almost $5 million from one attack.
The good news is that companies that detect attacks within the first 30-100 days can cut down the overall cost and data loss exponentially.
When it comes to these attacks, it’s not a matter of if you will be hit, but when. Fortunately, there are steps you can take so you aren’t at the mercy of these hackers.
So how do you prepare for a bad day? A good practice is placing documents in AWS, Azure tenants, or on-premises. From there, you can store the metadata in enterprise platforms – like our software CAM, creating a document archive which you can access during an incident. This ensures that your operations can continue because you have proper data protection policies in place to minimize damage from a hack.
How Prosperoware Helps
Our software, Prosperoware CAM empowers organizations to navigate and manage collaboration platforms with confidence and peace of mind.
CAM integrates with various collaboration platforms, including Microsoft 365 (Microsoft Teams, SharePoint Online, OneDrive, OneNote, Planner), file shares, iManage, NetDocuments, HighQ, and more to come.
CAM allows you to control chaos and minimize risks related to privacy and cybersecurity through:
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through human workflow using templates
- Rich, custom metadata for project or document context
- Unified project directory for content location for end users and risk management teams
- Automatic provisioning of internal & external users, managing permissions, and integrating with ethical wall systems
- Data Loss Prevention including activity monitoring and bulk security & metadata changes
- Data protection by creating a separate archive of documents to access in case of incidents
- Minimizing data by setting data disposition policies or applying litigation hold
At the end of the day, data breaches are a question of when, not if. The frequency and ease of these attacks puts everyone at risk eventually. But with an understanding of best practices and a trusted governance and adoption solution, you can reduce the risk of falling victim and know that you’re covered whenever that “bad day” comes along.
For more tips and best practices, keep an eye out for our upcoming post on the future of cybersecurity and sign up for our Data Protection Webinar on April 8.