Working Around the Cyber-pandemic: Learn From the T-Mobile Data Breach

27 October 2021 · 4 min read
The shift to hybrid work has its benefits, but it has also triggered an increasing number of cyberattacks. From large to small organizations, hackers are not making any exceptions. This has been the case with high-profile attacks, like the Microsoft Server Exchange hack, SolarWinds, the LinkedIn hack, and many more.
Since it’s no longer a question of “if” the breach will happen, but “when,” organizations have been on high alert trying to set the right processes in place to mitigate the risks of cyberattacks. The key is in your organization’s provisioning and governance strategy.
Just a month ago, T-Mobile joined the list of major organizations hit by cyberattacks. The breach exposed sensitive information (Social Security numbers, PINs, and other private information) of over 40 million users.
This wasn’t the company’s first breach. It had been hacked twice before, in 2015 and 2020.
It just goes to show that these attacks are inevitable. Your organization’s best defense against a cyberattack is preparedness and due diligence.
Read on to learn how you can strengthen your data governance and limit the damaging effects of a cyberbreach.
Acceptance is the First Step
A data breach can happen to any organization, and your organization is no exception to this unwritten rule. In fact, it is important to accept this so that appropriate measures can be taken to prevent and diminish the damaging effects of a cyber breach.
As evidenced by attacks like Microsoft Exchange, SolarWinds, LinkedIn, and now T-Mobile, attacks and breaches can and will happen regardless of your organization’s size.
Let’s see what proactive steps can be taken to ensure that even in the event of an attack, your data is protected, and the damage is controlled.
Be Aware of Your Systems
Hackers rely on human curiosity and error to gain access to your organization’s systems. A classic example is a user falling victim to a ransomware attack by clicking on and opening a dicey email. Due to the interconnectivity of our collaboration systems and hybrid workplaces, when a single user falls victim, the entire organization is on the line.
The Chaos Effect
The natural state of data is chaos, which makes it the “perfect playland” for hackers.
With users saving projects in their personal drives instead of a secure, unified location, hackers have free rein to steal and delete data. Couple this with a lack of proper governance, where users have access to data irrelevant to their position, and the cybersecurity pitfalls only multiply.
As we at Prosperoware like to say, “the higher the access, the harder the fall.”
If this is not alarming enough, there’s more. Most of the time, these cybercriminals go undetected for months, gaining access to sensitive and intellectual property data for an average of 280 days before being discovered and contained. This could leave your organization with millions of dollars in stolen or deleted data, and on the hook for millions more in regulatory fines and reputational damage.
The T-Mobile hack was conducted by a lone 21-year-old who managed to expose millions of datapoints in just a short period of time. T-Mobile has since been unable to determine the motives behind the breach — or even what the hacker did with the data — which helps to illustrate one of the more troubling side effects of a breach: if you don’t know where your data is stored, you don’t know what was lost.
When organizations are hit with a major breach, they aren’t always aware of what has been stolen or deleted from their archives. In T-Mobile’s case, the lack of motive is even more dubious, as the organization is left to wonder if their data now exists in the hands of unauthorized third parties.
So, how can you make sure your organization knows where your data is, and whether or not it’s protected? The first defense lies within provisioning and governance, the dynamic duo of data protection.
Provisioning & Governance: The Dynamic Duo
Without doubt, Microsoft Teams and other collaboration systems are pivotal to the new hybrid work standard. However, as organizations use several collaboration systems, they often face challenges in applying proper management and governance over data.
Sure, manual provisioning is an option, but manual provisioning of Teams, Channels, workspaces, folders, documents, etc. can actually make your organization more vulnerable to security risks due to human error.
That’s because when end users don’t know where to place data, they will save it in their local drives, contributing to data chaos and hacking risks.
Automation is the future
As collaboration systems such as Teams are quite limited on metadata for projects or matters, locating data and understanding its sensitivity is another challenge.
One solution is providing rich, custom metadata to your data. This metadata provides key business context that allows users to quickly and efficiently locate data. It also allows your risk management team to determine what protection and minimization policies are needed for certain projects.
Cybersecurity & Privacy Compliance
On top of efficient data location and rich metadata, as a general philosophy, keeping data indefinitely should not be an option.
As required by privacy and cybersecurity regulations, data should only be kept for as long as it is useful. Keeping it beyond that increases costs and vulnerability.
That’s why your organization should apply proper data disposition policies that help by setting step-by-step controls on what should happen to data once a project or matter is completed.
This is not enough…
A proper governance strategy is not complete if users have access to all kinds of sensitive data across the organization. A tight security system based on NIST’s Zero-Trust security model can allow organizations to keep their data and documents viewable on a “need-to-know” basis.
This way, users have access only to data relevant to their position. Not only does this prevent users from accessing data irrelevant to their position, but the organization can also detect malicious activity and take action against it.
All of this sounds great, but where do you get a solution that enables provisioning and governance in one package?
Prosperoware CAM, our software solution for the provisioning and governance of virtual collaboration systems, is the solution you’ve been searching for.
How Prosperoware Helps 
Prosperoware CAM is a Software-as-a-Service (SaaS) platform for adoption and governance of collaboration systems. It allows organizations to provision, classify, protect, move, and minimize data, mitigating data chaos and reducing risks related to privacy & cybersecurity.
CAM enables organizations to create logical locations for users to place data. It provides rich custom metadata, empowering users to locate documents, and risk management teams to understand business context in order to apply the right security & data minimization policies.
CAM integrates with Microsoft 365 (Microsoft Teams, SharePoint Online, OneDrive, OneNote, Planner, Lists), iManage, NetDocuments, HighQ, and more to come.
Here is what CAM can do for you:
    • Provisioning of workspaces, Teams, Channels, Lists, users & groups, and folders from Project Portfolio Management, CRM etc., or through a human workflow using readily available templates.
    • Rich, custom metadata for project or document context.
    • Unified project directory for content location for end users and risk management teams.
    • Advanced templating ability to support complex business processes.
    • Automatic or on-demand provisioning of internal & external users, permission management across collaboration systems, and integration with leading ethical wall systems.
    • Data Loss Prevention (DLP) with activity monitoring and bulk security & metadata changes.
    • Data protection by creating a separate archive of documents to access in case of incidents.
    • Data minimization by setting automatic data disposition policies or applying a litigation hold.

Want to see CAM in action?
