10 Tactics for Securing Enterprise Data

By Don Reisinger  |  Posted 08-09-2010

The 2010 Data Breach Investigations Report, a study conducted by the Verizon RISK team in cooperation with the U.S. Secret Service, reveals that companies are facing threats to their corporate data from more sources than ever before. The ongoing Data Breach Investigations Report series now includes in-depth studies of 900 breaches involving more than 900 million compromised records over a span of six years. Here, we've highlighted key information from the report coupled with actions you can take starting today to protect your organization from a damaging and costly data breach. You can view the full slideshow at 2010 Data Breach Report: 10 Tips To Secure Your Enterprise.

  • It Starts With Education -- More than one third (36 percent) of attacks originate from end-user devices, according to the 2010 Data Breach report. This is second only to attacks via servers and applications (which account for 50 percent of compromised assets). Educate employees on appropriate use of corporate computers.

  • Keep the Firewall Up And Working -- Is your IT team maintaining the corporate firewall? Is it in good working order at all times? Without a solid firewall, you're inviting malicious hackers into your corporate network.

  • Are You a High-Risk Target? -- Regardless of industry, no CIO can afford to be complacent about safeguarding information. Still, 71 percent of all attacks occur in these three industry sectors, according to the 2010 Data Breach report:

  1. Financial-services

  2. Hospitality

  3. Retailers

  • Limit Employee Permissions -- Third-party malicious hackers make up the greatest portion of those who steal data, but sometimes it's an inside job, according to the 2010 Data Breach report. Give users only enough permissions to get their jobs done.

  • Authentication Is Key -- Company servers are usually the first place third-party hackers target to access the corporate network. Use multi-layered authentication protocols. Sure, there are ways for hackers to get around the authentication process, but solid stop-gaps and strong authentication go a long way toward keeping bad guys out.

  • Keep Security Software Running -- Malware was the cause of nearly four in 10 breaches (38 percent) studied for the 2010 Data Breach report. When was the last time you reminded your IT staff to keep malware definitions up to date on all security software running on user computers?

  • Monitor Social Networks -- The 2010 Data Breach study found that 28 percent of attacks occur through the use of social networks. Solicitation, bribery and phishing are the most common ways employees get snagged. Monitor social networking activity and crack down at the first sign of trouble.

  • Monitor Server Activity Early & Often -- Servers and applications comprise a whopping 50 percent of all compromised assets, according to the Data Breach report. IT staff should be monitoring server activity constantly. It typically takes criminals days to get into a company's network and steal data. Frequently monitoring servers and red-flagging any suspicious activity is essential.

  • Stay Focused -- It took "days or longer" for an attacker to steal sensitive data from a corporate network in 60 percent of attacks studied for the 2010 Data Breach report. Monitoring all activity around your network can keep you ahead of hackers.

  • Protect Your Most Sensitive Data First -- Hackers want high-value information that turns them a quick profit. The two types of data most often compromised are:

  1. Credit card information (54 percent of all breaches studied in 2010)

  2. Bank account data (32 percent of all breaches studied in 2010)