7 ways businesses defend against data breaches

Data breaches have serious impacts for both businesses and their customers. Despite all the effort to prevent them, everyone seems surprised each time hackers successfully manage to infiltrate seemingly impregnable defenses. This brings up the question, just what type of safeguards do companies put in place to protect their sensitive data?

How do businesses keep their data safe?

Despite investing large amounts of money into information security and robust systems, not even the biggest tech giants are safe from hackers. Not only are big companies attractive targets for hackers, but smaller companies often also store a significant amount of valuable data. This data can include email addresses, physical addresses, names, payment-related information such as credit cards and bank accounts, and much more.

Data breaches have serious consequences for affected businesses, where the reputational damage may cause more damage in the long-term than any direct monetary losses caused by the attack, such as temporary shutdowns of systems and services. Data protection has become more relevant than ever before, but just how does it look in practice?

1. Limited access

The most basic measure in use by any security-aware business is to limit employee access to a need-to-know role basis. Imposing such restrictions is also a requirement for PCI certification, a must-have for any business processing debit and credit card transactions.

Viruses that spread through entire networks usually take root from an individual computer. Ensuring that employees only have access to absolute necessary systems to carry out assigned job duties is vital. Countless of times this policy has prevented attackers, who are in control of an employee's device, from gaining a foothold into shared systems, effectively stopping a local intrusion from spreading to other devices on the same network.

2. Encryption

Strong encryption protocols lay the foundation for any secure system. Encryption works by obfuscating the contents of files in a way that causes the information to be unreadable for anyone that doesn't have access to the key, which decrypts the information into its original form.

Today, algorithms like AES and Twofish are standard and considered as the most secure encryptions available. The only theoretical way for hackers to break these encryptions is through brute force attacks, which is considered a non-issue due to the processing power required being far greater than even modern supercomputers can muster. However, when quantum computers become a reality, this may change very quickly.

3. Multi-factor authentication

Multi-factor authentication, or MFA, refers to authentication methods where a person must identify themselves through two or more ways. This could for example be a password and username, in combination with a randomly generated code that must be entered on a separate device. For access to highly sensitive systems, additional factors such as biometrics and security keys may be required.

MFA has been used by default for most businesses' critical systems and applications. Even for less sensitive systems it's now becoming standard to at least use 2FA. This has proved to be highly successful in preventing unauthorized access, as simply gaining access to an employee's password and username is no longer enough for a hacker to gain entry.

4. Password policies

No matter how strong the fortress is, there will be keys to open the gates - and they must not fall into the wrong hands. As humans, we like to reuse the same passwords over and over again out of convenience, and it is a recurring problem from a safety perspective, particularly for systems where multi-factor authentication is not in use.

Astonishingly, according to a workplace password survey carried out by Keeper Security in 2021, 57% of employees were still in the habit of saving passwords on sticky notes. Password managers like LastPass are a solution around this problem, where one set of master login credentials is used to store an unlimited amount of encrypted credentials.

5. Residential proxies

Proxies are middlehands between two servers on the internet. From a data-breach perspective, residential proxies are excellent for companies to test the strength of their firewalls and DDoS protections via simulated bot attacks originating from thousands of devices spread around the world.

A business that intends to do research in other markets may need to retrieve information from custom geo-locations, which is another benefit of proxies. A residential proxy, as the name suggests, belongs to private households which conceals the IP address of the company. This is a great benefit for companies that want to avoid fingerprint-tracking and conceal their identities from competitors and hackers alike.

6. Regular backups

While this does not help with preventing cyber attacks, it ensures that any corrupted systems and databases can be restored and go back to working capacity once a security breach has been identified and patched.

According to industry analysts, ransomware attacks are predicted to cost the world roughly 10.5 trillion USD every year by 2025, something that can be mitigated to a large extent by storing backups on separate locations, both physically and digitally.

7. Employee training

Despite how secure a system may be, the human factor remains the biggest security concern. According to a report from IBM Security, human error is responsible for a whopping 95% of all data breaches and costs businesses on average 3.3 million USD per incident. It's both a cheap and simple preventive measure to educate employees about risks that come in the form of phishing attempts, social engineering and more.

Not using business emails and accounts for personal matters is another obvious but important policy that several companies instruct their employees to follow. Overall, carelessness and laziness are two main factors behind human errors, making it difficult if not impossible for businesses to totally eliminate. Yet, highlighting common mistakes and placing an emphasis on personal responsibility seems to be the feasible solution for now.

Data breaches are likely to increase

Recent data breaches clearly highlight that digital security threats won't stop anytime soon, and on the contrary are expected to increase, affecting every industry from oil transporting companies, meat packaging plants, hospitals and even government institutions.

It goes without saying that consumers also need to pay attention to this reality, which threatens not only their sensitive information stored by third-parties, but also their personal browsing habits on home networks. As security solutions continue to improve, hackers adapt and look for new vulnerabilities in a continuous cycle.