October 6, 2022
5 Red Flags That You Need Better Data Security and Privacy
Data security and privacy are on most organizations’ minds these days, especially as the risks of both cyberattacks and fines for non-compliance continue to grow. Still, a lot of companies assume that what they are doing in this regard is enough to satisfy auditors and stave off actual cyberattacks.
But there is a difference between true security, and simply having a false sense of security. For example, a CNBC poll from last year found that a majority of small businesses in America—59%, or just less than two-thirds—were confident they could respond appropriately to a cyberattack. And yet, only 28% of those businesses surveyed even had a response plan in place.
Here are the top five red flags we commonly see in larger organizations:
#1: Unusual Login Activity
Most users have typical patterns of activity, especially when it comes to when and where they work. Unusual patterns of activity are thus a red flag that someone is on your network who is not supposed to be.
For example, you might notice in activity logs things like:
- Logins at unusual times in the night/morning
- Frequent repeated login attempts
- Logins from new IP addresses
- Logins from locations in another country (where this is unusual)
- Login attempts from different machines at the same time
At the very least, these show that the user has, either intentionally or accidentally, given login credentials to someone else. At worst, they show that a hacker has been able to compromise an account and is using it to explore the network further.
#2: Login Credentials Stop Working Altogether
If a user’s account has been compromised, the guilty party might try to lock out the user altogether. So if a user cannot log in, even though they are positive they have the right credentials, that’s also a sign that the system has been compromised.
Also note any activity for admin or “dummy” accounts that should not be seeing any use. Sometimes a clever criminal will use such an account, assuming that there is no user who would notice if they were locked out. An active dummy account is another sure sign that access has been compromised.
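The login red flags from #1 and the dormant-account check from #2 can be turned into a simple detector run over authentication logs. This is an added example, not code from the original post; the log lines, the work-hours window, the per-user baseline IPs, the dormant-account list and the 60-second window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample auth log (not from the original post):
# "<ISO timestamp> <user> <source IP> <host> <success|failure>"
SAMPLE_LOG = """\
2022-10-03T09:02:11 alice 203.0.113.7 ws-alice success
2022-10-03T03:14:09 alice 198.51.100.23 ws-lab7 success
2022-10-03T03:14:20 alice 203.0.113.7 ws-alice success
2022-10-03T10:00:01 bob 203.0.113.9 ws-bob failure
2022-10-03T10:00:03 bob 203.0.113.9 ws-bob failure
2022-10-03T10:00:05 bob 203.0.113.9 ws-bob failure
2022-10-03T11:30:00 svc-backup 203.0.113.50 ws-bob success
"""
# Hypothetical policy (assumed, not from the post): work hours 07:00-18:59,
# per-user baseline IPs, accounts that must never log in, 60 s window.
WORK_HOURS = range(7, 19)
KNOWN_IPS = {"alice": {"203.0.113.7"}, "bob": {"203.0.113.9"}}
DORMANT_ACCOUNTS = {"svc-backup"}
WINDOW_S = 60

def parse(line):
    ts, user, ip, host, result = line.split()
    return datetime.fromisoformat(ts), user, ip, host, result

def find_red_flags(log_text):
    by_user = defaultdict(list)
    for ev in map(parse, filter(str.strip, log_text.splitlines())):
        by_user[ev[1]].append(ev)
    flags = set()
    for user, evs in by_user.items():
        evs.sort()  # chronological per user
        for i, (ts, _, ip, host, result) in enumerate(evs):
            if user in DORMANT_ACCOUNTS:
                flags.add((user, "dormant-account-activity"))
            if result == "success" and ts.hour not in WORK_HOURS:
                flags.add((user, "off-hours-login"))
            if result == "success" and user in KNOWN_IPS and ip not in KNOWN_IPS[user]:
                flags.add((user, "new-ip"))
            # successes from different hosts inside one window: simultaneous use
            for ts2, _, _, host2, res2 in evs[i + 1:]:
                if (ts2 - ts).total_seconds() > WINDOW_S:
                    break
                if result == res2 == "success" and host2 != host:
                    flags.add((user, "concurrent-hosts"))
            # three or more failures inside the window ending at this event
            recent = [e for e in evs[:i + 1] if e[4] == "failure"
                      and (ts - e[0]).total_seconds() <= WINDOW_S]
            if result == "failure" and len(recent) >= 3:
                flags.add((user, "repeated-failures"))
    return sorted(flags)
```

Each (user, flag) pair is a lead to investigate, not proof of compromise; tune the baseline IPs and the work-hours window to your own users before alerting on it.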
#3: Unusual Network Traffic or Disk Activity
Many kinds of malware try to send sensitive information to unknown locations, or load other harmful pieces of malware onto a machine. Key-loggers and ransomware are both good examples of this.
Often, this malware is difficult to find, but it shows up in the patterns of network traffic in your organization. At first, it might simply seem like the network is slow—but peer into the actual traffic, and you might find processes that you do not recognize sending information. Some of these might be benign updates, but some could also be problematic pieces of malware.
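One way to "peer into the actual traffic" is to learn which process-to-destination pairs are normal during a quiet period and then flag flows that are new or unusually large. This is an added example, not code from the original post; the connection records, the process names, the destination addresses and the 1 MB threshold are constructed assumptions.

```python
from collections import defaultdict
# Constructed endpoint connection records (not from the original post):
# "<process> <destination IP> <bytes sent>"
BASELINE_WEEK = """\
chrome.exe 203.0.113.80 120000
chrome.exe 203.0.113.81 95000
updater.exe 198.51.100.10 4000
"""
TODAY = """\
chrome.exe 203.0.113.80 110000
updater.exe 198.51.100.10 3500
svchost.exe 192.0.2.44 2500000
rundll32.exe 192.0.2.44 600
"""
# Hypothetical threshold (assumed): more than 1 MB/day sent by one process
# to one destination is worth a second look.
BIG_UPLOAD_BYTES = 1_000_000

def parse_records(text):
    for line in text.splitlines():
        if line.strip():
            proc, dst, sent = line.split()
            yield proc, dst, int(sent)

def learn_baseline(text):
    """Set of (process, destination) pairs seen during normal operation."""
    return {(p, d) for p, d, _ in parse_records(text)}

def suspicious_flows(text, baseline):
    """(process, destination, bytes, reasons) for flows outside the baseline."""
    totals = defaultdict(int)
    for p, d, n in parse_records(text):
        totals[(p, d)] += n  # sum per process/destination pair
    findings = []
    for (p, d), n in sorted(totals.items()):
        reasons = []
        if (p, d) not in baseline:
            reasons.append("new-process-destination")
        if n >= BIG_UPLOAD_BYTES:
            reasons.append("large-outbound-volume")
        if reasons:
            findings.append((p, d, n, reasons))
    return findings
```

A known updater talking to its usual server drops out of the list; an unfamiliar process sending megabytes to an address nothing else contacts is exactly the pattern the section describes.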
#4: A Software or Service Provider Was Compromised
Thanks to cloud computing, companies are more and more reliant on software and services provided by third-party companies. As a result, many hackers are targeting these companies in so-called “supply chain” attacks. Rather than compromising companies one by one, a successful supply chain attack can open the door to hundreds, or even thousands, of targets—basically, anyone using the third-party service or software.
That said, the “back door” might not be through a cloud software provider. It could be through any service provider with which your organization exchanges data. The more that modern businesses form connected partnerships, the more open both parties are to others’ negligence when it comes to security.
So, whenever a service or software provider discloses that its data has been compromised, it’s critical to perform an audit of your own organization. Assume that your organization has been compromised as well, and take steps to mitigate the threat.
#5: Requests to See the “Big Picture” Cannot Be Completed
Suppose your organization were hit with a surprise audit tomorrow—for example, government officials come to your office, wanting to ensure that your company is in compliance with various state and federal data privacy laws. Could your organization prove to them, in a timely manner, that the organization is, in fact, in compliance? Would someone be able to show them where your data resides, who can access it, and how it is protected?
If your organization is not “audit ready,” that’s a red flag, too, and not just because of the compliance issue. If you have not done the appropriate audits yourself, there is no way to tell what problems need to be resolved.
For example, if you traffic in sensitive data, your organization should know what that data is, and where it is kept. But it can’t possibly know these things without proper data discovery.
Another example: Most of your data stays “in house.” But some of it goes out to a third-party analytics firm. That data should be appropriately masked or otherwise anonymized—but to do this, you have to know what data is actually being used for this purpose.
In short, you should always be able to see the “big picture” when it comes to data security and privacy—if that’s not the case, that could be the biggest red flag. Chances are good that a problem has already taken place—or will in the near future.