Think about how to prevent data loss as you think about how to prevent a heart attack
Think about data loss prevention like taking care of your health. To prevent yourself from having a heart attack, you eat well and exercise. You sometimes have to make decisions between spending a little more time and money on eating salad and lean protein, rather than cruising through the McDonald’s drive-through. You go for a walk or a run, rather than sitting on your couch for hours and days on end. You take steps to prevent yourself from having a heart attack and, at the very least, know it’ll help speed up recovery if those measures fall short.
How to prevent data loss is very similar. You take all the reasonable and necessary precautions you can. That way, you can be confident that just about every breach scenario is covered—whether it’s unintentional or malicious. But, if a data leak does occur, you have the proper tools and procedures in place to make it a little less painful for everyone.
In 2018, the average total cost of a data breach was over $7 million. That breaks down to approximately $148 per record breached. How would your school district weather such a cost financially? What projects or investments could you give up in order to spend the time, money, and other resources on correcting a major data breach?
Would you rather eat healthily and pay for a gym membership or have to get a double bypass?
As we’ve experienced in recent years, school districts are not too small or too “unimportant” to be hacked. K – 12 schools and districts are experiencing significant increases in cyber incidents over the past several years, and your data is valuable to criminals.
What is Data Loss Prevention?
What is data loss prevention? It is the set of practices that keep sensitive and protected information from getting into the wrong hands.
Many go straight to thinking about data loss prevention tools, but preventing data loss is much broader than that. Preventing data loss should start with internal human error (the most common cause of data leaks!). It requires planning and documented processes from those responsible for managing your district’s sensitive information (including information regulated and protected by the government).
Then, yes, bringing in data loss prevention software helps your technology team manage people’s data-handling behavior, see what risks and/or threats exist in your district’s environment, and quickly patch leaks, mitigate behavior, etc. It’s like a FitBit for your IT infrastructure!
Causes of Data Loss
As mentioned above, the most common cause of a data leak is improper internal data handling behavior. Often, these incidents are accidental but they can also be intentional bad behavior. Either way, a data leak exposes your district’s sensitive information to potential criminals and can easily lead to more problematic data loss.
But your strategy to prevent data loss needs to be as broad as the causes of loss. These are some of the biggest ones:
- Human error. The majority of data losses directly involve someone’s mistake. Staff opens a sneaky email. They create easily guessed passwords and don’t guard them well. They log into lookalike websites. They walk away from computers without logging out, where unauthorized people could start using them.
- Inadequate access control. Many districts give out access too freely. People who only need to read data are allowed to alter it. When too many accounts have access that is too broad, data thieves will grab the chance to compromise an account.
- Physical theft. We live in an increasingly mobile world, but mobile devices are easy to steal. If they aren’t well protected, thieves can pull volumes of valuable data from them.
- Malware. Infected systems send confidential information to criminals until the problem is discovered. The systems keep working normally otherwise, and there’s no obvious sign anything is wrong. Sometimes they keep doing it for months before being caught.
How to Prevent Data Loss
How to prevent data loss in your information infrastructure must take all of these causes into consideration. Just like taking multiple proper precautions to stay healthy, layering data loss prevention best practices and techniques provides a much better chance of success.
There’s no such thing as absolute safety. But a good strategy will keep out anyone who isn’t both very determined and lucky—and will help your team audit and report on breach incidents and impacts.
- Protect access to computers and mobile devices. Physical access is the simplest way for criminals to steal data. Avoid putting desktop systems where they can easily be stolen, and put proper security measures for mobile devices in place. Train employees to log out when they’re not using them.
- Use firewalls and anti-malware software. Cybercriminals would love to get their code running on your machines so they can steal data from the inside. Use up-to-date security software on all on-premise servers and workstations.
- Encrypt sensitive data. Thieves can’t get any value out of what they can’t decipher. Sensitive information should be encrypted in storage. Protecting it on mobile devices is vital. Everything should be encrypted, if possible, when transmitting it from one place to another.
- Secure cloud applications. Using cloud applications, such as G Suite and Office 365 has many benefits, both financially and in terms of productivity. But cloud applications have unique cybersecurity risks that must be addressed with a cloud security solution.
- Establish regular security training. Again, human error is the biggest cause of data loss. People trained in good security habits don’t make nearly as many mistakes. Follow up training with testing (e.g., sending an internal phishing email to see who falls for it) and make security part of the job ethic.
Data Loss Prevention is a Top Concern
It doesn’t matter if your school district is big or small. You’re storing sensitive, personally identifiable information about students, their parents/guardians, faculty and staff, and more. This is all valuable to cybercriminals. You are legally required to secure and protect this data, and it’s in the best interest of your community’s financial and identification interests.
Having data loss prevention measures in place keeps your data secure, your students safe, and your finances intact. Don’t wait until open-heart surgery is your only option to stay on your feet. As they say, “An ounce of prevention is worth a pound of cure.”