Quick Wins to Combat Data Leaks

Ben Ruffell 08 Jan 2020

Data leakage is a worry. Holding lots of sensitive information about your employees and your customers means that if data is exposed it would be a catastrophe. No one wants to be the next Mossack Fonseca, or Equifax, or Marriott Hotel, or Facebook, or…

The majority of clients I speak to tell me data leakage is their biggest risk, so I thought I’d share my top 3 quick wins for you to roll out and put you on the front foot against attackers looking to cause embarrassment and consternation.

Attackers use the path of least resistance, and unless your employees have been trained to know the difference between a genuine and a fake email, then the least resistance is likely to be your colleagues. Your secure estate will count for nothing.

So, here are those tips to get you going:

1. Staff security awareness training

The most common attack vector that we see in our Incident Response engagements is phishing – regardless of attacker sophistication. What this means is that even though companies are ensuring their estate is clean of vulnerabilities, and even if their password hygiene is good and their policies are clever and efficient, attackers are taking a different route to reach their objectives.

What’s the best way of neutralising the threat of falling victim to phishing? Experience shows that one way is educating your employees so they have security at the forefront of their mind when undertaking their day-to-day business operations. Opening emails, logging onto applications, speaking on the phone, entering the building – all of these activities can introduce risk into your organisation.

Train your staff to be more secure in their day-to-day life and your organisational security posture is immediately improved.

2. Ensure your O365 security configuration is optimised for your use

Microsoft Office 365 is a great solution for companies. It enables document sharing, collaborative working, and is a great tool for communication with customers and partners.

Unfortunately, the default security settings are not ideal for all organisations and can introduce significant risk.

A simple evaluation of the current settings mapped to operational use and performance will likely uncover areas of improvement so that O365 is secure. For example, turning on two factor authentication (2FA).

3. Regularly evaluate your SOC and IR processes

Investing in a Security Operations Centre (SOC) is a good way of being able to detect anomalous behaviour on a network, and your Cyber Security Incident Response Team (CSIRT) should know how to respond to breaches and incidents.

But, like O365, the solution needs to be tailored to the organisation. How do you know how good the SOC’s visibility is? Are there any blind spots? Is there any point in investing in expensive technology if the team operating that technology doesn’t know how to respond to an alert? Is the alert salient enough in a sea of alerts, or will it just be ignored because of the sheer volume?

The best way to answer all of these questions is to simply evaluate the efficacy of the people, processes and technologies of the Blue Team by running a Purple Team exercise.

Purple Teaming is a collaborative exercise between an organisation’s Blue Team and a security provider’s Red Team, cross referencing Red attacks with Blue visibility and responses to give you an indication of the efficacy of the SOC, and areas of improvement to uplift your capabilities.
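As an added illustration (not part of the original post) of the cross-referencing a Purple Team exercise produces, the script below scores constructed sample data: each Red Team action is matched against whether the Blue Team saw it, how long the alert took, and whether anyone responded, which separates blind spots from alerts that fired but were ignored. The action descriptions and timestamps are made up for the example.

```python
from datetime import datetime

def _ts(s):
    """Parse an ISO timestamp, passing None through for 'nothing happened'."""
    return datetime.fromisoformat(s) if s else None

# Constructed sample data for the exercise: Red Team actions (what happened and
# when) and the Blue Team's matching alert and response times for each one.
RED_ACTIONS = {
    "R1": ("phishing email delivered", "2020-01-08T09:00:00"),
    "R2": ("credential used from new location", "2020-01-08T09:30:00"),
    "R3": ("mailbox forwarding rule created", "2020-01-08T10:00:00"),
    "R4": ("bulk download from SharePoint", "2020-01-08T11:00:00"),
}
BLUE_RECORDS = {
    "R1": ("2020-01-08T09:05:00", "2020-01-08T09:40:00"),
    "R2": ("2020-01-08T09:31:00", None),   # alert fired, nobody acted on it
    "R4": ("2020-01-08T11:02:00", "2020-01-08T11:20:00"),
    # R3 is absent: the SOC never saw it, i.e. a blind spot
}

def score_exercise(red, blue):
    """Cross-reference each Red action with Blue visibility and response.

    Returns {red_id: (status, minutes_to_alert, minutes_to_respond)} where
    status is 'blind_spot', 'alerted_no_response' or 'responded'.
    """
    results = {}
    for rid, (_desc, when) in red.items():
        acted = _ts(when)
        alert_at, resp_at = (_ts(x) for x in blue.get(rid, (None, None)))
        if alert_at is None:
            results[rid] = ("blind_spot", None, None)
            continue
        mta = (alert_at - acted).total_seconds() / 60
        if resp_at is None:
            results[rid] = ("alerted_no_response", mta, None)
        else:
            results[rid] = ("responded", mta, (resp_at - acted).total_seconds() / 60)
    return results

def summarise(results):
    """Headline coverage figures: what was seen, and what was actually handled."""
    total = len(results)
    seen = sum(1 for s, _, _ in results.values() if s != "blind_spot")
    handled = sum(1 for s, _, _ in results.values() if s == "responded")
    return {"visibility_pct": round(100 * seen / total),
            "response_pct": round(100 * handled / total)}

if __name__ == "__main__":
    res = score_exercise(RED_ACTIONS, BLUE_RECORDS)
    for rid, (status, mta, mtr) in res.items():
        print(rid, RED_ACTIONS[rid][0], status, mta, mtr)
    print(summarise(res))
```

The gap between the visibility and response figures is the "alert ignored in a sea of alerts" problem the questions above describe; the blind-spot entries are the detection engineering backlog.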

These 3 quick wins will immediately reduce your risk of data leakage!