10 Ways to Prevent Data Loss

Sadik Al-Abdulla leads a team that spends its days assessing and cracking into systems to find weaknesses. As director of security solutions for CDW, Al-Abdulla’s team has conducted more than 5,000 network, malware and data loss prevention assessments.

Now, based on assessments done in the past two years, here are what Al-Abdulla calls the five "highest-risk, easiest things to fix":

1. Risk: Gaps in configuration and gaps in patch discipline

The Fix: Document, remediate, automate, review and repeat.

2. Risk: Bad passwords

The Fix: Educate users and test, test, test.

3. Risk: Phishing attacks

The Fix: Teach users what to avoid and to report attacks.

4. Risk: Arbitrary trusts between systems

The Fix: Make sure systems don’t allow unintended access that would let an intruder crack one and then gain unguarded access to more critical systems.

5. Risk: Interconnected end-user systems

The Fix: Ensure that there’s effective internal network segmentation; other than for IP communications and instant messaging protocols, user systems do not need to talk to one another.

In addition, Al-Abdulla noted five complex challenges organizations must confront and that require IT, security and management teams to work together to focus on the triad of policy, education and technology enforcement:

6. Risk: Exploitable sensitive data

For Starters: Create a distinct infrastructure for mission-critical systems.

7. Risk: Malware egress points

For Starters: Hunt for the malware, removing it, repair the infrastructure — repeat.

8. Risk: Data leakage

For Starters: Identify data traveling where it’s not supposed to, plug the leak — repeat.

9. Risk: Poor data policies

For starters: Assess the network, fix leaks, rewrite policies and enforce them.

10. Risk: Email gaffes

For starters: Educate users about data that is sacrosanct and should never be gathered, shared or stored in email systems.

Read additional security tips from state and local CISOs here.