Banking, retail, health care, energy, government, news organizations — the list of industries affected by data breaches is seemingly limitless. Even when companies in these fields have extensive data loss prevention policies, backed by technology that provides them with the best solutions, tools, and products, we see breaches more than we’d like. Consider some of these big data breaches from the last two years:
- Target: The retail giant’s data breach cost shareholders $148 million and exposed data from 40 million customer payment cards.
- Brazilian banks: In 2014, Brazilian banks lost an estimated $3.75 billion because of Boleto malware, which was responsible for nearly half a million fraudulent transactions.
- Kaiser Permanente: In early 2014, Anaheim Medical Center, a subsidiary of Kaiser, reported a stolen USB drive that contained sensitive information about 49,000 of its patients.
Google Apps offers excellent tools for enterprise data security. Additionally, Google undertakes stringent cloud security protections to safeguard the Apps environment. Unfortunately, the biggest Google Apps security threats are the people who use them. Administrators can’t prevent every human misstep, but they can minimize damage by thwarting human error wherever possible and responding quickly when breaches occur.
5 Data Loss Prevention Solutions
No administrator can keep a high-level executive from being fooled by a spear phishing email. However, admins can implement security settings to prevent many misuses of Gmail and other Google Apps. The following can help you set up a foundation for your data loss prevention program.
- Differentiate access based on user roles. The most important step Google Apps admins can take is to implement a sound organizational structure. By dividing people into organizations and sub-organizations based on their roles, they can limit Apps access and enforce sound security policies.
- Monitor user activity. The Admin console allows admins to set up alerts related to suspicious login activity, changes to Drive settings, changes to mobile settings and changed user passwords. Also, admins can view a number of reports related to security, apps usage, and account activity, and can analyze multiple audit logs.
- Be aware of third-party access and activity. Administrators should know which third parties can access their systems and what kinds of information they can access. Admins should also limit third-party application access to apps, such as Google Drive, whenever practical.
- Implement device management policies. Requiring mobile passwords, implementing 2FA, and enabling remote wipe for lost and stolen devices will go a long way toward preventing data loss. However, it’s also important to create procedures for equipment disposal, USB usage and personal devices in the workplace.
- Educate employees. Admins, in cooperation with their CIOs and HR managers, can create materials to educate employees about security topics. These resources can include newsletters, intranet articles, webinars, videos, workshops, learning management system classes and security bulletins.
Incident Response: Preventing the Damage of Breaches Resulting in Data Loss
When admins notice a breach in progress, they can save data by acting quickly to contain the damage. The SANS Institute offers an “Incident Handler’s Handbook” that details five main phases of incident response.
Every organization should have a set of incident response plans including procedures, lists of accountable team members and communication plans. Also, a jump bag containing tools such as bootable USB drives, safe laptops with forensic software and hard duplicators — along with team contact information — should always be readily available.
Once an incident has been identified, the appropriate response plan should be put into place. In some cases, the first notice of a data breach comes from within Google Apps, such as an alert for an unauthorized password change. In other cases, organizations receive breach notifications from third-party providers.
Containment starts with short-term steps, like isolating a section of the network or taking a server offline. Then, after taking a forensic image of the affected system, IT can install patches, remove backdoors and take other steps to keep the system operational, if possible. This phase can also include simple mitigation steps, including changing passwords to limit data access.
The eradication phase can include extensive malware scans and cleaning and rebuilding of affected systems, depending on the level of damage. Throughout the process, IT should keep a detailed incident response journal to be referenced during future incidents.
In addition to testing, validating and monitoring systems as they’re put back into use, administrators should update all Google Apps security settings and IT policies to prevent further breaches.
Why Organizations Should Care About Data Breaches
According to the Ponemon Institute’s 2014 Cost of Data Breach Study, the cost of data breaches increased 15 percent just in the past year. These costs can be attributed to four main categories:
- Extensive legal liability and cleanup costs. Target’s breach caused shareholders to lose approximately $148 million. However, this figure doesn’t include the cost of informing customers, improving security infrastructure, paying legal bills and offering free credit monitoring.
- Regulatory fines. In 2013, HIPAA-covered entities shelled out over $18.6 million in regulatory fines because of data breaches.
- Lost productivity. According to half of organizations that experience data breaches, the biggest cost comes from lost employee productivity.
- Tarnished brand. Target’s Q4 profits dropped $440 million after information about the breach became public. People no longer trusted the retailer to keep their financial information safe.
Increasingly, top managers are paying a heavy price for embarrassing data breaches. Both Target’s CIO and CEO lost their jobs after the Q4 2013 breach.