While Nero Fiddled: Practical Advice on Preventing Data Breaches

In 1736, house fires were a dangerous epidemic for early colonial Philadelphia.  In fact, solving the problem of quickly built, slip shod wooden structures becoming a conflagration of ember and ash was a pressing dilemma.  At the time, Philadelphia’s most famous resident, Benjamin Franklin, organized the first fire department within the city.  Nearly 20 years later, Franklin spearheaded the development of what we today refer to as homeowner’s insurance.  All of this is the precursor to a quote we all know, but may not attribute to Franklin: “An ounce of prevention is worth a pound of cure.”

It can be said that cybersecurity and data loss prevention is to us today what house fires were to Franklin and Philadelphia 250 years ago.  To wit, cybersecurity is a problem that no one has yet fully solved - leaving governments, enterprises, and the IT industry as a whole to search for the Benjamin Franklin of information security.

Whatever the ultimate solution to hacking and data loss may be, you can be certain that taking the steps necessary to prevent data theft is much preferred over working to recover from it.  While both sides of this battle present unique challenges, preventing the loss of data for thousands of customers doesn’t make national headlines – it’s the bad news that draws attention, and yes, even lawsuits.

While industry experts search for our pound of cure, here are some doses of prevention which just may save you from spending your hard-earned Ben Franklins on recovering from a hack and subsequent breach.

  1. Allow me to share three words with you: Training, training, training.  House fires don’t burn wood, they destroy homes.  Hackers don’t attack technology, they target people.  If those facts are true, and they are, then security starts with the people who use it.  As much as technology plays a role in cybercrime, social engineering plays a larger role.  We can say that both emphatically and empirically because today, email represents the most common attack vector.  It is our own inclination to click and to trust that opens our technology to an attacker’s flaming arrows.  The antidote is training, which keys users in to the tools hackers use and educates them to stop clicking and trusting every item arriving in inboxes and popping-up on screens.
     
  2. Yes, I am going to say it: We are still talking about passwords.  This may be the point that everyone knows, but few follow through on.  Suffice it to say, while recycling may save the environment, recycling your passwords isn’t very wise.  In reusing the same password time and time again, we are inviting account compromise.  The best practice is to use a strong, unique password for each site.  Yes, keeping track of it all is challenging, but there are many excellent password management solutions available. Choose one, so we can stop talking about passwords. Please!
     
  3. Lastly, secure your devices.  This step involves keeping operating system software up-to-date, implementing quality end-point protection, and deploying sound perimeter security.  Consider evaluating “perimeter in the cloud’ solutions such as zScaler.  I should add, don’t be afraid to find a trusted technology advisor to help you navigate the technical side of this maze.  For more help on this front, you can also visit StaySafeOnline.org.

For a more in-depth discussion on this topic, register for the Microsoft Modern Workplace webcast, “Cyber Intelligence: Help Prevent a Breach”, being held on February 14, 2017.

Remember, while Nero fiddled Rome burned, so complacency invites disaster. While cybersecurity and protecting your business may seem overwhelming, achieving a solid and ongoing security posture is possible with a logical and systematic approach.  As noted cybersecurity and data privacy attorney Shawn E. Tuma (@shawnetuma) frequently reports, “An ounce of prevention is cheaper than the first day of litigation.”

Please note: this is a Microsoft-sponsored post.

Kenneth Holley, Founder & CEO (@kennethholley) - full bio.