At the end of February, Dow Jones was the latest major company to expose critical data stored in a public cloud. The organization failed to properly configure their Amazon Web Services (AWS) solution and their massive Dow Jones Watchlist dataset, a 4.4GB file, was left open to the public.
The exposed files held approximately 2.4 million records, including many that contained sensitive information. According to one report by MSSP Alert, the following was publicly accessible:
“Global coverage of senior Politically Expose Persons, their relatives, close associates, and associated companies;
National and international government sanction lists and categories;
Persons officially linked to, or convicted of, high-profile crimes; and
Profile notes from Dow Jones including citing federal agencies and law enforcement sources.”
Not only was the information viewable by anyone who knew where to look, but the data was also searchable thanks to indexes and tags.
Protecting data placed on public clouds is essential. A single user error – as was the case with the Dow Jones incident – can result in exposure. Preparing for user error can be challenging, particularly since every system has vulnerabilities that can increase the risk of a breach or exposure.
Luckily, there are steps you can take to reduce the risk of a data breach and accidental exposure. Here’s what you need to know.
- Education and Policy
In order to limit user error, educating your employees on known risks and creating robust policies and procedures to promote proper approaches is critical. Make sure your staff is aware of existing issues and risks, as well as all current applicable regulations.
- Detailed Protocol
Documentation that outlines processes for the completion of tasks is also beneficial. This can help eliminate errors by creating a clear procedure that can be followed with ease.
- Embrace Redundancy
Oversight can reduce the risk of user error. By building redundancy into processes that impact where data is stored and how it is deleted can eliminate mistakes. Essentially, make sure that someone is tasked with reviewing the activities of anyone who handles data. This increases the odds that errors will be spotted (and corrected) in a timely manner.
- Employ a SIEM Tool
A SIEM tool provides you with real-time alerts, allowing you to know if there is a possible breach in process within the system. When an error is identified, the notification goes out immediately, ensuring corrective action can be taken before the situation escalates into something harder to manage.
- Reconsider BYOD
While being able to use their own devices is convenient for employees, it also introduces a slew of potential security risks. Bring Your Own Device (BYOD) programs encourage your staff to bring in outside devices and connect them to internal resources. Since these devices are somewhat outside of the control of the organization, there is an inherent level of risk involved.However, if an employee genuinely needs to use a personal device for work purposes, having clear guidelines regarding how they are used and what data can be accessed can reduce the risk. Similarly, a Mobile Device Management (MDM) solution that can segment company data from personal information, perform remote wipes, and deploy similar emergency actions can increase safety further.
By following the tips above, you can reduce your risk of a data breach and accidental exposure. If you are looking for a partner to ensure your systems are properly configured and secured, contact TetherView to learn more about our robust and comprehensive solutions, and see how we can provide companies of all sizes the protection they need at prices they can afford.
Michael Abboud, CEO at TetherView