By Arman Sadeghi, Founder & CEO, All Green Recycling
Retail giant Target was robbed of 70 million credit card numbers, and the British Ministry of Justice was fined over $230,000 for leaked prison records on a stolen portable hard drive…
…so how will you protect against a corporate data security breach?
Amend your company’s corporate data security policy and enhance your cybersecurity against these 5 costly data security threats.
1. Decommissioning IT Equipment Without Proper Hard Drive Destruction
When decommissioning your computers, laptops, and network equipment, you MUST correctly undertake hard drive destruction and ensure proper data destruction immediately. Failure to do so leaves you exposed to serious fines.
How serious?
In 2013, the British Information Commissioner’s Office served a £180,000 ($230,000 USD) penalty on the Ministry of Justice after a lost unencrypted hard drive leaked confidential information of 2,935 prisoners.
How can your company prevent easy pickings like this from leaking data and exposing you and your company to these hefty fines?
If you think you can simply use data destruction software in-house as a viable solution, think again.
The most effective (and permanent) way to dispose of secure data on your hard drives is to physically damage them beyond repair.
Certified hard drive shredding offers a convenient, mechanical disposal solution that companies with large numbers of IT assets can use.
2. Poor Password Policies That Allow Easy Access
Passwords remain the primary method of user authentication for IT systems, which means they form your first line of defense against corporate data security hackers.
A strong, secure password should follow these password best practices:
- At least 8 characters long.
- Should not contain any personal information—specifically your real name, user name, or even your company name.
- Be unique from other passwords.
- Should not contain any word spelled completely.
- Should contain uppercase letters, lowercase letters, numbers, and characters.
Tip: encourage employees to use phrases they can remember like:
“I enjoy playing basketball”.
Which can be written as:
“IEnjoiPlay!ngB@$k3tb@ll11”.
If you’re looking for advanced password security measures, then one-time passwords, client certificates, smartcards, and biometrics can add layers to your corporate data security policy.
3. Cloud Storage Without Proper Security Measures
While cloud computing and storage solutions provide your company with a convenient and powerful capability to store data in third-party data centers, you need to ask yourself:
“Is my data securely encrypted?”
While online data storage services claim your data is encrypted, there are no guarantees.
What you can do is to ensure your cloud storage provider offers a leading encryption security policy as part of their package. Look for advanced encryption algorithms such as Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE).
Then, choose a cloud storage service provider that is willing to push back against unreasonable government requests for data.
You can use the private advocacy group EFF’s website “Who Has Your Back” for this.
4. Not Recognizing and Investigating Failed Access Attempts
Ignoring the warning sign of failed login attempts can be detrimental to your business…
…even for a retail giant.
Target’s point-of-sale (POS) system was hacked in 2014 – a breach which began 6 months prior with triggered login alarms which its information security team chose to ignore. These attackers siphoned 40 million card numbers and personal information of 70 million customers.
Even with its own billion-dollar security operations center, Target ignored the warning signals.
But will you?
Don’t ignore these common signs of brute force data hacking that can violate your network security:
- Many failed logins from the same IP address.
- Logins with multiple usernames from the same IP address.
- Logins for a single account coming from many different IP addresses.
- Failed login attempts from alphabetically sequential usernames or passwords.
- Logins with a referring URL of someone’s mail or IRC client.
And if you’re unable to afford multi-million dollar IT systems personnel with the bandwidth to monitor your data security 24/7 for these signs, then adding automation to the process can provide an efficient boost to your threat identification capability using the latest technology.
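The first four signs above, as detection logic run over a constructed login log (an added example, not part of the original article). The log format, the documentation-range IP addresses and the thresholds are assumptions; the referring-URL sign is left out because this sample log has no referrer field.

```python
import re
from collections import defaultdict

# Constructed sample auth log (format and addresses are assumptions for this example).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z FAIL user=aaron ip=203.0.113.7
2024-05-01T10:00:02Z FAIL user=abby ip=203.0.113.7
2024-05-01T10:00:03Z FAIL user=adam ip=203.0.113.7
2024-05-01T10:00:04Z FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:05Z FAIL user=amy ip=203.0.113.7
2024-05-01T10:01:00Z FAIL user=carol ip=198.51.100.10
2024-05-01T10:01:05Z FAIL user=carol ip=198.51.100.11
2024-05-01T10:01:09Z FAIL user=carol ip=198.51.100.12
2024-05-01T10:02:00Z OK user=dave ip=192.0.2.50
2024-05-01T10:03:00Z FAIL user=dave ip=192.0.2.50
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Return (status, user, ip) tuples; lines that do not match are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(2), m.group(3), m.group(4)) for m in matches if m]

def detect(events, min_fails=5, min_users=3, min_ips=3, seq_len=4):
    """Flag the brute-force signs from the list; thresholds are illustrative."""
    fails_by_ip = defaultdict(int)
    users_by_ip = defaultdict(list)   # usernames in the order each IP first tried them
    ips_by_user = defaultdict(set)
    for status, user, ip in events:
        if status == "FAIL":
            fails_by_ip[ip] += 1
        if user not in users_by_ip[ip]:
            users_by_ip[ip].append(user)
        ips_by_user[user].add(ip)
    return {
        "many_failures_from_ip": sorted(ip for ip, n in fails_by_ip.items() if n >= min_fails),
        "many_users_from_ip": sorted(ip for ip, u in users_by_ip.items() if len(u) >= min_users),
        "account_from_many_ips": sorted(u for u, ips in ips_by_user.items() if len(ips) >= min_ips),
        # An IP walking usernames in alphabetical order suggests a scripted list.
        "sequential_usernames": sorted(ip for ip, u in users_by_ip.items()
                                       if len(u) >= seq_len and u == sorted(u)),
    }

if __name__ == "__main__":
    for sign, hits in detect(parse(SAMPLE_LOG)).items():
        print(f"{sign}: {hits}")
```

In production the counters would be kept per time window, so that slow, legitimate activity does not accumulate into an alert.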
5. Inadequate Mobile Device Security Measures for Employees
Mobile devices are regularly used outside your organization – and outside your data security firewall and spam prevention tools, too.
With mobile access, your network security has limited control…
…unless you apply the following mobile device security best practices:
- Install anti-malware software.
- Use an encrypted VPN.
- Use multiple forms of authentication such as built-in biometrics in addition to PIN code protection.
- Block the use of third-party software.
- Direct mobile traffic through special gateways with customized firewalls and security controls.
- Avoid unsecured wireless networks and hide Bluetooth.
These corporate data security threats are more common than you think and if corporations who invest millions of dollars into network security can fall victim to hacking, then so can you.
Will you be prepared?
Ensure that your IT personnel are trained on appropriate security measures and are armed with the tools they need, like automation, to prevent cybercrime from spreading and to do their jobs more effectively.
About The Author
Arman Sadeghi is the founder & CEO of All Green Recycling. He founded All Green Recycling in 2008 after watching a “60 Minutes” exposé on the current state of electronics recycling in the United States and the lack of focus on Data Security and Environmental Stewardship. He is a serial entrepreneur who currently owns and operates companies in various industries including IT, Data Security, Business Consulting, Marketing, Photography and more. Arman can be reached online (Email: [email protected], Twitter: https://twitter.com/AllGreen_ITAD, Facebook: https://www.facebook.com/allgreenrecycling, LinkedIn: https://www.linkedin.com/company/-all-green?trk=biz-companies-cym, YouTube: https://www.youtube.com/user/AllGreenRecycling) and at the company website https://www.allgreenrecycling.com/