The countless data breaches that have taken place over the last year reinforce the need to always operate under the assumption that someone or something malicious has already infiltrated your defences.
That’s according to David Gibson, VP of strategy and market development at Varonis, who told PCR: "Plugging holes in the perimeter is certainly important, but odds are attackers will continue to evolve and find new ways in.”
Gibson believes it’s in every organisation’s best interest to make an attackers job much harder if they do find their way inside by setting up controls that monitor and baseline normal user behaviour on the data assets you most want to protect, identifying and locking down sensitive data, and enforcing a strict least-privilege model.
Here’s Gibson’s three top tips for protecting your sensitive files and emails right now:
1. Eliminate global access
Wide-open access sensitive files and emails via the “everyone” or “domain users” groups is a big no-no. When sensitive data, credit card information, intellectual property, legal or HR information are in folders available to every person at the company, the risk of a breach is very high. It’s important to continually monitor for folders and mailboxes that are both sensitive and over-exposed and remediate them quickly.
2. Create a honeypot
Create a shared folder with fake sensitive files, open to the entire firm and observe what happens. This is a fantastic way to discover who your curious users might be and identify possible threats. In order to make a honeypot, you need to have auditing turned on in order to monitor who is accessing which data. Platforms like Windows and UNIX have built-in auditing, but it tends to be a drain on performance.
3. Get rid of excessive permissions and group memberships
Employees that have been with the firm for a number of years can end up with more permissions to data than actually they need, but no one ever calls the help desk to complain that they have too many permissions – so it’s really important that you’re working towards a least privilege model.
Throughout November, PCR is running a dedicated Sector Spotlight on Security – Click the logo below for more articles