How to Prevent Unauthorized Access to Your Data

Posted by Stefanie Kober Wed, 01 Oct 2014 12:17:00 GMT

$5.9 million is the average cost of a data breach for an organization represented in the study conducted by Ponemon Institute, sponsored by IBM. Preventing unauthorized access to an organization’s database may save a business from reputational loss or from filing for bankruptcy.

5 Ways to Secure Your Data

There are many potential threats to the security of the database. Although there is no such thing as 100% security, there are several manageable ways to safeguard the data from security breaches:

1.    Protect via Physical Security

Physical security involves the safeguarding of data, programs, hardware, networks and personnel from physical situations that may lead to serious losses or damage to an organization. This includes protection from natural disasters, theft and vandalism. Physical security requires integration of several measures to prevent potential hackers from compromising the data and surveillance systems, and to allow quick recovery from accidents or natural disasters.
For instance, the server room should be locked, with access granted only as needed; people may engage in potentially damaging actions, from accidentally tripping over a power cable or knocking down the system to intentionally tampering with equipment and other malicious acts. Furthermore, heat sensors and smoke detectors should be placed in server rooms. The business security plan should clearly describe how to recover from a successful or suspected security breach.

2.    Access Control
Access control should be tailored to the different clients and/or users, thereby determining which access rights each user has to a specific system object, such as an individual file or a file directory. There are several types of access control, such as network access control (NAC), device or endpoint access control, and remote access control. Independent of the type of access rights granted, one should ideally create a simple table that lists the categories of users in the organization and the access rights each person is granted. In reality, access control is an everyday occurrence – a lock on a house door and a PIN on an ATM are essentially two common means of access control. Incorrect network access rights may grant more privileges than are actually required, which may put the organization’s data security at risk.
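One way to put the table described in this section to work, as an added example that is not part of the original post: the table is written down as data and the rights actually configured are checked against it, so that any grant exceeding the table is reported. All user names, categories and paths are constructed for illustration, and treating a right on a directory as covering the files beneath it is an assumption of this sketch.

```python
# Added example: compare granted rights against the access table (all names constructed).

# The "simple table": user category -> system object -> rights that category needs.
ACCESS_TABLE = {
    "hr":       {"/data/personnel": {"read", "write"}},
    "finance":  {"/data/ledger": {"read", "write"}, "/data/personnel": {"read"}},
    "helpdesk": {"/data/tickets": {"read", "write"}},
}

# Constructed sample of what is actually configured: (user, category, object, rights).
GRANTS = [
    ("alice", "hr", "/data/personnel", {"read", "write"}),
    ("bob", "finance", "/data/personnel", {"read", "write"}),  # write is not in the table
    ("carol", "helpdesk", "/data/ledger", {"read"}),           # object is not in the table
    ("dave", "contractor", "/data/tickets", {"read"}),         # category is not in the table
    ("erin", "finance", "/data/ledger", {"read"}),
]


def allowed_rights(category, obj, table=ACCESS_TABLE):
    """Rights the table allows (default deny). A directory entry covers paths beneath it."""
    rights = set()
    for path, granted in table.get(category, {}).items():
        if obj == path or obj.startswith(path.rstrip("/") + "/"):
            rights |= granted
    return rights


def excess_privileges(grants, table=ACCESS_TABLE):
    """Return (user, object, sorted excess rights) for every grant exceeding the table."""
    findings = []
    for user, category, obj, rights in grants:
        extra = set(rights) - allowed_rights(category, obj, table)
        if extra:
            findings.append((user, obj, sorted(extra)))
    return findings


if __name__ == "__main__":
    for user, obj, extra in excess_privileges(GRANTS):
        print(f"{user}: {obj} exceeds table by {', '.join(extra)}")
```

Unknown categories and unlisted objects resolve to an empty set of rights, so anything the table does not mention is reported rather than silently accepted.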

3.    Encrypt Sensitive Data

Encryption protects the privacy of information. Encryption converts plain text data into ciphertext, a scrambled message that only the authorized recipient can understand. The process of encryption decreases the probability that a hacker will be able to read the encrypted data, although encryption in itself does not prevent hacking. When carrying out any type of sensitive transaction, such as online banking, or forwarding employee information between different departments of an organization, encryption should be used. For instance, Secure Sockets Layer (SSL) encryption allows sensitive information to pass securely between Internet clients and the servers in the organization’s network.

4.    Secure the Organization’s Network
Analogous to physically protecting data, securing the organization’s network is just as essential to preventing unauthorized access. Remote workers, or employees making use of their personal mobile devices, such as laptops, smart phones and tablets, should use a modern solution to connect to the corporate network. Other preventative measures include installing up-to-date anti-virus software, implementing a firewall and using modern authentication methods to effectively secure the network without reducing worker productivity.

5.    Outsmart Social Engineers
According to Verizon Enterprise, 29 percent of all security breaches involve some form of social engineering. Social engineering targets the end user, as it is a much easier crime than mastering a technical hack. Social engineers exploit human psychology so that victims comply with their wishes; these hackers are sometimes called “human hackers”. Generally, social engineering is more difficult to detect. One should always be wary when sharing information with anyone over any means of communication – whether it’s over the phone, via instant messaging, text, or email, or in person.

‘Prevention is Better than Cure’

It is important not to take any chances when it comes to security as unauthorized access can lead to dire repercussions. The necessary precautions should be put in place to prevent data breaches from occurring. As the wise proverb goes: ‘prevention is better than cure.’ 
