Information security (IS) can be frightening to those outside the industry. Although securing your information is crucial, it's important to understand what is actually at stake to avoid excessive panic. By compartmentalizing security risks and having contingency plans based on the outcome of possible information leaks, you can make a more informed and calm decision on how to move forward.
Compartmentalizing Divides Your Risk
In many cases, a hacker who breaks into a system can gain access to everything stored on that system. A small business working on a series of desktops and laptops can leak valuable financial data if it's all located on an easy-to-find, poorly secured system, but if you spread the information to different areas and require different access credentials, you could reduce the damage or increase the amount of time needed to steal everything.
It's understandable that a single person may need a lot of information to perform a given job. It may be difficult to avoid leaking personal information such as names and addresses or financial information, but your business process should be able to divide some information.
Using personal information and financial information as an example, avoid creating personal profiles that include financial information for clients. It may be tempting to have a customer profile with a name, address and their credit card or bank information, but you're basically packaging the information so thieves can take all of it at once.
Instead, a database security professional can create a key that represents certain information. This key could be a set of codes that asks for specific login information, such as an accountant or customer service professional's password, before the information can be accessed. By enforcing a different password for logging into work and for accessing financial records, you can make a hacker's job even harder, because a lot of different information is required.
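The split described above, as an added example that is not part of the original article: customer profiles and financial records live in separate stores linked only by a random reference key, and the financial store demands its own credential. The table names, field names and passphrase are hypothetical, and two in-memory SQLite databases stand in for separately hosted systems.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Two separate stores (constructed, in-memory stand-ins for separate systems).
profiles = sqlite3.connect(":memory:")
profiles.execute("CREATE TABLE profile (name TEXT, address TEXT, ref_key TEXT UNIQUE)")
finance = sqlite3.connect(":memory:")
finance.execute("CREATE TABLE payment (ref_key TEXT PRIMARY KEY, card_last4 TEXT, bank TEXT)")

def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored verifier is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Hypothetical accountant credential, distinct from the everyday work login.
_SALT = secrets.token_bytes(16)
_FINANCE_VERIFIER = _derive("constructed-finance-passphrase", _SALT)

def add_customer(name, address, card_last4, bank):
    """Write each half of the record to its own store; return the linking key."""
    ref_key = secrets.token_hex(16)  # random, so it reveals nothing by itself
    profiles.execute("INSERT INTO profile VALUES (?, ?, ?)", (name, address, ref_key))
    finance.execute("INSERT INTO payment VALUES (?, ?, ?)", (ref_key, card_last4, bank))
    return ref_key

def read_profile(name):
    """Customer-service view: contact details plus the opaque key only."""
    cur = profiles.execute(
        "SELECT name, address, ref_key FROM profile WHERE name = ?", (name,))
    return cur.fetchone()

def read_payment(ref_key, finance_password):
    """Financial view: refused unless the separate finance credential matches."""
    supplied = _derive(finance_password, _SALT)
    if not hmac.compare_digest(supplied, _FINANCE_VERIFIER):
        raise PermissionError("finance credential required")
    cur = finance.execute(
        "SELECT card_last4, bank FROM payment WHERE ref_key = ?", (ref_key,))
    return cur.fetchone()

def dump_profile_store():
    """Everything exposed if only the profile store is compromised."""
    return profiles.execute("SELECT * FROM profile").fetchall()
```

A dump of the profile store yields names, addresses and opaque keys, which is also the scope you would report if only that store were breached.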
Who Should You Inform During A Leak?
When information is compromised, it's important to know what could have been accessed. Just as in the previous section, having all of the information stored on a single system could mean that all of the information is compromised, which can mean a large web of reporting requirements.
If you compartmentalize your information, reporting becomes simpler. When addresses or names are compromised, you can inform clients that specific information was compromised. If financial information is compromised, reporting to the customers and credit reporting bureaus may be necessary.
Law enforcement should always be in the loop, but you should also consider the safety of other businesses. If other businesses are at risk of leaks, security professionals may have an easier time capturing the culprit if they can create a map of how the hack took place. If your security practices are diverse enough, there could be a lot of indicators left behind as the hacker looks for a way in.
Contact a team of Information Security professionals to begin designing a data breach response plan that fits your unique level of information and risk.