龙空技术网

数据泄露:知己知彼,防范于未然|数据观

数据观 172

前言:

眼前咱们对“unsecurednetwork”大体比较注重,姐妹们都想要学习一些“unsecurednetwork”的相关知识。那么小编在网上搜集了一些对于“unsecurednetwork””的相关内容,希望看官们能喜欢,你们快快来学习一下吧!

数据泄露如同永不缓释的癌症,已成为当今互联世界的心腹隐忧。

全文共计18485字,预计阅读时间18分钟

来源 | READWRITE

作者 | Richard Parker

译者 | 黄玉叶

编辑 | 蒲蒲

数据泄露是许多安全专家的祸患,任何人都能随时沦为数据泄露的受害者。倘若不能完全削弱这种危害,那它通常影响深远,代价高昂。数据泄露如同永不缓释的癌症,已成为当今互联世界的心腹隐忧。

什么是数据泄露?欲歼其敌,必先知彼,下面让我们来看看五种不同类型的数据泄露。

举一个快速而直接的比喻,如果窃贼撬开你的锁或破窗进入你的房子,这就是安全漏洞;如果窃贼还偷走了你的文件和个人信息,然后离开,那就是数据泄露。

维基百科一文章显示,“数据泄露是指个人未经授权复制、传播、查看、窃取或使用敏感、受保护、机密数据的安全事件”。你的朋友很有可能会窃取你的几张不雅照,在社交媒体上曝光或戏弄你,数据泄露通常波及甚广,涉及数百万甚至数十亿条数据记录。

即使雅虎(Yahoo)和Equifax(美国征信巨头)这样,你从未想过会成为受害者的大公司也不安全。你要想到这一点,攻击者们似乎更喜欢巨头和蓝筹股公司,因为影响越大,他们为之买单的费用也就越高。

被盗信息继而被用于信用卡诈骗、身份盗窃以及其他一系列犯罪行为,一些攻击者甚至会在暗网上大量出售个人信息,让更多的不法之徒趁机犯下滔天暴行,从间谍活动到敲诈勒索,不一而足。

数据泄露是一个严峻的问题,企业应当未雨绸缪,防范于未然。防范工作的首要步骤是了解五种不同类型的数据泄漏。了解了“敌人”意欲何为,你才能一招制敌。

对于这五种类型的数据泄漏,你要了解适当预防措施,以增强系统的安全性。记住——攻者不休,防者莫怠。不断学习和实施最佳安全实践,跑在进攻者前面,永远保持你对安全担忧的分享,让大家听到最佳安全提示。

2019年度5大数据泄露类型

这份数据泄露类型清单不分先后,对于任何希望避免数据泄露的企业或个人来说,这些都是需要密切关注的领域。

1.物理盗窃

有谁看过1996年上映的电影《碟中谍》?如果你还没看过,那就去找来看看吧!对于那些看了这部电影的人,我想你会认同我的观点:我们应该给导演布莱恩·德·帕尔玛点赞,因为他塑造了经典一幕的镜头——主角伊森(汤姆·克鲁斯 饰)从“绝对安全”的中情局保险库的通风口绕绳而降,偷走了包含该地区特工真实姓名的NOC名单。

这个人物是物理盗窃破坏数据的经典案例,但我们为汤姆·克鲁斯(Tom Cruise)的行为而欢呼。在现实世界中,事情往往没有那么戏剧化,然而物理盗窃造成的数据泄露对许多企业来说是非常现实的。

它简单到没有技术含量——既可以将USB驱动器插入包含敏感和业务关键信息的服务器,也可以厚颜无耻地将硬盘搬出所在业务场所。如果有人可以带着敏感的业务数据离开你的办公场所,那么你的麻烦将比你授意他进来要大得多。

让机密文件一览无余,或者不恰当地处理敏感信息(没错,一个执着的数据窃贼不会对翻看你的“垃圾”感到不安),也会使你面临数据泄露的风险。这是保险库(显然不是中情局的保险库)、碎纸机和熔炉被发明出来的主要原因——用来保护和删除敏感信息,这些信息不能落入坏人之手。

为了保护你的企业数据免遭物理盗窃,请执行严格的安全协议,确保只有经过授权的人才能访问特权数据和敏感数据。你

听说过金库和保险箱吗?好吧,如果你想避免物理数据泄露,你可能需要加强对这种安全存储选项的学习。至于你那宝贵的服务器机房,建议你投资在军事级别的安全度上,譬如激光传感器、运动探测器、哨兵枪、死星(武器代号)、无限护手……任何对你有用的东西统统用上,杜绝疏漏。

2.网络攻击

网络攻击是最常见的数据泄露形式之一,因为攻击者不需要亲自出现在业务场所来窃取数据。他们所需要的只是一台可以上网的电脑和一些黑客工具,在神不知鬼不觉的情况下就能获取你的数据。

网络攻击造成的数据泄露可能会持续数月甚至数年都不会引起任何人的注意,尤其是当黑客有备而来的时候。通常入侵都是在已经造成破坏后发现的,也就是在数据泄漏发生以后。

但是,地球另一端的不法黑客是怎么访问你的系统呢?

除非迫不得已,否则攻击者很少会重新发明新的方法。他们都使用已知的有效的传统黑客方法,如果他们设计了一种新的策略,那多半是利用多种传统黑客策略组合的方式去攻破你的系统漏洞。

黑客用来侵入系统的常见机制包括恶意软件、键盘记录器、虚拟网站、木马、后门程序和病毒等。通常,它们会欺骗用户点击链接,从而在系统上安装恶意程序,这就是他们主要获取数据的方式。其他人将拦截你通过不安全网络发送和接收的信息,这种攻击通常称为中间人攻击(man-in-the-middle, MitM)。

攻击者可能欺骗不知情的工作人员来窃取登录凭证,然后攻击者使用登录凭证登录到职员的计算机,从那里他们对系统的其余部分发起横向攻击。不久之后,攻击者就可以访问你的网络受限区域,并且双向联想存储——紧接着你的数据就丢失或作废了。

根据IBM的数据泄露成本研究,犯罪型网络攻击占数据泄露的48%以上,如何保护自己不受网络不法分子窃取数据的侵害呢?防范网络攻击的措施建议如下:

①鼓励员工使用强而独特的密码,永远不要对不同的帐户使用相同的密码。

如果你记不住很多不同的密码,可以考虑入手一个密码管理器,比如LastPass和Cyclonis等,但永远不要使用诸如“123456”、“password”、“admin”等容易被猜到的密码。

②投资一个最先进的VPN来保护你的网络,VPN将加密你的数据,即使攻击者设法窃取数据,也无法读取。

③考虑到安全第一的重要性,重新设计你的技术基础设施。

④启用双因素身份验证来保护包含敏感数据的服务器和其他存储设备。

⑤使用杀毒软件和防火墙。

⑥更新您的软件,弥补安全漏洞并改进功能,最好的方法是随时更新。

⑦为了了解更多关于保护企业和自己免受网络犯罪的信息。

以下还列出了一些相关的帖子以供读者进一步研究:

2019年需要注意的6个新型网络威胁

物联网如何让企业暴露在网络攻击下

保护自己免遭网络犯罪侵害的11种方法

3.员工疏忽亦或人为失误

你是否曾经发过一封电子邮件,然后懊悔道:“不,不,不,不,不!”是的,我们大多数人都有过这样的经历,这是有史以来最糟糕的感觉之一——尤其是如果你把机密或敏感信息发给了错误的收件人,或者当你把错误的附件发送给了正确的收件人时会发生什么?

以上两种情况都构成了数据泄露,当它发生在一个企业里时,可能会导致前所未有的混乱和动荡。

但也许上面的例子并不适合你,所以这里有一个有趣的事实,你或许不知道,根据2018年发布在itweb.co.za上的IBM X-Force威胁情报指数显示,2017年有超过20亿份数据记录因员工疏忽被曝光,导致网络备份事件和云服务器配置错误。

人非圣贤,孰能无过。我们都会犯错,这是不可避免的。

但是,我们不能对可能致使公司重大损失的错误掉以轻心或者想当然。为了减少这类似的数据泄露,必须教育员工了解信息安全的基本要素,要让他们知道如果一旦在履行职责时丧失警惕将会面对怎样的后果。

这听起来也许是个破绽,但稍作培训就能在很大程度上避免员工因疏忽造成的数据泄露。

最重要的是,对非技术人员进行数据安全意识程序和策略的教育。在一天结束的时候,你应该对因员工疏忽而导致的数据泄露采取零容忍的政策态度,告知你的员工确保数据安全的重要性,如果不可想象的事情发生了,后果会怎样。

4.内部威胁

虽然大多数企业都专注于减少外部威胁这个因素,但内部人员构成的威胁比通常想象的要严重得多。根据CA技术和网络安全内部人士的一项内部威胁研究,53%的企业面临内部攻击,主要促成因素为:

▶许多用户有过度的访问权限

▶日益增多的敏感数据访问设备

▶越来越复杂的信息技术

从同一资料来看,90%的企业感觉容易受到内部攻击,86%的企业已经或正在构建内部威胁程序。根据IBM内部威胁检测,内部威胁占网络攻击的60%。这是一个相当惊人的数字,这也就意味着你必须格外警惕,否则你的企业将会败在任何一名员工手上。

由内部威胁导致的数据泄露在当今非常普遍,且难以检测。网络保护程序可以快速地与恶意的外部人员进行对抗,但是当威胁来自企业内部受信任和授权的用户时,这项工作就变得困难重重了。

这项工作的挑战性陡增了10倍,因为存在不同类型的内部威胁,即:

心怀不满的员工——这类犯罪内部人士蓄意破坏或窃取知识产权,以获取金钱利益。员工在辞职或被解雇前后窃取信息是很常见的。一些企业“害虫”向竞争对手出售商业机密,但另一些则想搞垮企业。

无脑员工——不管你投入多少资源,有些员工永远不会对安全意识培训做出反应。这些人经常成为网络钓鱼诈骗的反复受害者,你可以把安全意识提示贴到你可以贴到的所有地方。

内部勾结——专业的网络罪犯会不遗余力地窃取数据。他们在暗网上搜寻,想要招募员工,如果员工恰巧与恶意攻击者合作,那企业就将面临严重的安全和数据泄露,而这并不需要一位科学家来告诉你。在某些情况下,一名员工甚至可能与同一企业中的另一名员工合作,将企业暴露于各种类型的网络安全问题中。如果你想就正确的方向加以刺激,那就想想内部勾结如何让你的企业暴露于欺诈、知识产权盗窃和普通的老式破坏活动之中。

粗心的内部员工——就网络安全而言,无知不是福。员工的疏忽会招致各种各样的麻烦,因为攻击者很清楚由粗心的内部人员造成的漏洞。疏忽大意的员工会使企业暴露于恶意软件、网络钓鱼和中间人(MitM)攻击,以及其他形式的攻击,攻击者可能利用企业员工的疏忽来攻击配置错误的服务器、不安全或不受监视的微站点等。

长期蓄意内鬼——“二流”犯罪,即恶意寻求额外收入的员工不会保护企业数据。相反,他们会犯下一系列恶意行为,比如为了经济利益而窃取数据,这类人将在很长一段时间内不被发现,最大限度地利用数据盗窃捞到好处。而且,由于他们知道网络监控工具,他们会慢慢地窃取数据,而不是大量地进行数据窃取。因此,他们可以在监控下藏身数月或数年之久。

如何防止内部人士造成的数据泄露?

当威胁来自信任的同一个人时,如何保护您的数据?为了保护数据免受内部威胁,你需要实现端点和移动安全、数据丢失预防(DLP)、静态数据加密、动态密码和使用以及身份和访问管理(IAM)等措施。你甚至可以采用行为分析并减少漏洞,这些措施将与未经授权的访问、疏忽大意和数据丢失等问题作斗争。

5.勒索软件

当你看到勒索软件这个词时,会想到什么?WannaCry?700000美元的损失?法律?HIPAA?CryptoWall?CryptoLocker?勒索软件可以构成一个基于恶意软件攻击系统造成的数据泄露。其他因素,如被盗数据的类型、所述数据的当前状态,以及法律。

任何将数据置于丢失风险的人都在一定程度上泄露了数据,如果某个地方的黑客劫持了数据,企业肯定会在各个方面遭受损失。劫持数据的攻击者已经证明他们可以随意窃取或销毁数据。

很明显,他们天赋异禀,勒索软件有成千上万种卑鄙的手段。根据美国联邦调查局(FBI)的数据,每天有超过4000个勒索软件发起攻击,考虑到这一点,你的系统可能会在这一刻被接管。

这也是美国政府在网络安全方面投入150亿美元预算的原因之一,大多数攻击者使用勒索软件来掩盖他们的踪迹,想想一些人闯入你的系统偷走了你的数据,如果这还不够的话,他们会以你的数据为人质来获取利润,因为他们掩盖了数据泄露。

勒索软件会毁了你的声誉。树立一个名声需要付出辛劳血泪,所以请对勒索软件说“不”。

如果你足够谨慎,就可以避免勒索软件。此外,也要随时加强防御——安装一个强大的反病毒程序(笔者最喜欢的是Eset Nod32),确保启动网络文件的保护措施和防火墙,通过垃圾邮件过滤器来打击恶意软件负载的电子邮件和讯息。

除此以外,投资一个智慧的备份计划,就可以简单地启动驱动器以消除勒索软件,然后恢复备份,这样就能在自己的掌控中击败勒索软件的攻击者,且不用支付赎金。

结语

安全不仅是意识,所以对数据泄露坐视不理。你可以有效地保护自己,如果最坏的情况发生了,要从逆境中站起来,比以前更坚强。不断学习和执行最佳的安全策略和程序,以保护业务免遭各种形式的数据和安全破坏。

英文原文

Know Your Enemy: The 5 Different Types of Data Breach

Data breach, the bane of many security experts. Anybody can fall victim to a data breach at any time. The damage is usually extensive and expensive if not utterly debilitating. Breaches are a cancer that never knows remission and a significant cause of concern in the connected world of today. What is a data breach to begin with? Well, you need to know your enemy, and there are about five different types of data breach.

Here is a quick and straightforward analogy. If a burglar picks your lock or breaks your window and enters your house, that is a security breach. If the burglar steals your documents and personal information and then leaves, that is a data breach.

According to an article on Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.” A friend might steal a couple of your randy pictures to expose or prank you on Facebook; data breaches usually happen on a colossal scale involving millions if not billions of records. Big companies (you know, the kind you’d never imagine would fall victim) such as Yahoo, and Equifax among others aren’t safe either. When you think of it, attackers seem to love big and blue-chip companies because of the more significant the impact, the fatter the paycheck.

The stolen information is then used to commit credit card fraud, identity theft, and a host of other heinous crimes. Some attackers will even sell the information in bulk on the dark web, giving even more bad guys the chance to commit abhorrent atrocities ranging from espionage to blackmail and the list goes on. Data breaches are a severe problem that mandates organizations to prepare beforehand.The first step in preparing is awareness about the 5 different types of data breach. If you know how the enemy operates, you can put countermeasures in place.

For each of the five types of data breach, you’ll learn a couple of preventative measures so that you can bolster the security of your systems. Keep in mind that attackers hardly rest, so don’t you sleep either. Keep learning and implementing the best security practices and stay ahead of the bad guys. Always remember to share your concerns about security and give each other the best security tips you hear about.

5 Different Types of Data Breach 2019

This list of data breaches is in no particular order, but they are all serious areas of concern for any organization or person looking to stay safe from data breach.

Who has ever watched the Mission: Impossible film that was released in 1996? If you haven’t seen it — find it and watch it. For those who watched the film, I think you’ll agree when I say: We should laud the director, Brian De Palma, for that one famous scene where Ethan Hunt (Tom Cruise) rappels from the vent of an incredibly secure CIA vault to steal the NOC list that contained the real names of agents in the field.

THAT PEOPLE is a classic example of data breach by physical theft, but we celebrated Tom Cruise for the act. In the real world, things might not be as dramatic, but data breach by physical theft is very much a reality for many organizations. It could be as simple as someone plugging a USB drive into a server containing sensitive and business-critical information, or as brazen as someone carrying a hard disk out of your business premises. If anybody can walk out of your premises with sensitive business data, you’re in deeper trouble than you would like to admit.

Leaving confidential documents in plain sight or disposing of sensitive information improperly (yes, a determined data thief won’t have qualms about going through your trash) can also expose you to a data breach. It’s the main reason vaults (but clearly not that CIA vault in Ethan’s case), shredders and furnaces were invented – to protect and get rid of sensitive information that mustn’t fall into the wrong hands.

To protect your organization from physical theft of data, implement stringent security protocols that ensure only authorized people have access to privileged and sensitive data. Have you ever heard of chit-key vaults and safe deposit boxes? Well, you might need to school yourself up on such secure storage options if you’d like to keep physical data breaches at bay.What about your prized server room? We recommend you invest in military-grade security, laser sensors, motion detectors, sentry guns, the Death Star, the Infinity Gauntlet; whatever works for you – just ensure you leave nothing to chance.

Cyber Attack

Cyberattack is one of the most prevalent forms of data breach since the attacker needn’t be physically present on your business premises to steal your data. All a cyber attacker needs is a computer with internet access and a couple of hacking tools to grab your data without your knowledge.Data breach by cyber-attacks can go on for months or even years without anyone noticing, especially if the hacker did his/her job well. Often, the intrusion is discovered when the damage has already been done, i.e., after the data breach has taken place.

But how does a criminal hacker on the other side of the globe gain access to your system? The attackers rarely reinvent the wheel unless they have to. They use old hacking methods that are known to work. If they devise a new tactic, it’s mostly a combination of old tactics meant to exploit vulnerabilities in your system.

Common mechanisms hackers use to break into your systems include malware, keyloggers, fictitious websites, trojans, backdoors, and viruses, among others. Usually, they trick users into clicking and as a result, install malicious programs on the system, which is how they mainly gain access to your data. Others will intercept the information you send and receive over an unsecured network in what is commonly known as the man-in-the-middle (MitM) attack.

An attacker may dupe an unsuspecting staff member to steal login credentials. The attacker then uses the login credentials to login to the staffer’s computer, from where they launch a lateral attack on the rest of your system. Before long, the attacker has access to restricted areas of your network, and BAM – your data is gone, lost or rendered useless.

With criminal cyberattacks making up over 48% of data breaches according to the Cost of Data Breach Study by IBM, how do you protect yourself from cybercriminals looking to harvest your data? Preventative measures to keep cyber attackers at bay include:

▶Encourage staffers to use strong and unique passwords. Never use the same password for different accounts. If you can’t remember many different passwords, considering investing in a password manager such as LastPass and Cyclonis, among others. And please, never ever use “123456,” “password,” “admin” and such easy-to-guess passwords

▶Invest in a state of the art VPN to secure your network. A VPN encrypts your data such that it’s unreadable even if attackers manage to steal it

▶Redesign your tech infrastructure with a security-first approach in mind

▶Enable two-factor authentication to protect your servers and other storage devices containing sensitive data

▶Use an antivirus and firewalls

▶Update your software to seal security holes and improve functionality. Best is to keep your software updated at all times

▶To learn more about protecting your organization and yourself against cybercrime, here is a list of relevant posts for further study.

6 Emerging Cyber Threats to Lookout for in 2019.

How IoT has Exposed Business Organizations to Cyber Attacks.

11 Ways to Help Protect Yourself Against Cyber Crime.

Employee Negligence aka Human Error

Have you ever sent out an email blast and be like “No, No, No, No, Nooo!” Yeah, most of us have been there, and it’s one of the worst feelings ever – especially if you send confidential or sensitive information to the wrong recipients. Or what happens when you send the wrong attachment to the right recipient?

Both scenarios constitute data breach, and when it happens in an organization, it can cause unprecedented chaos and unrest. But perhaps the above examples don’t cut it for you, so here is a fun fact. Did you know networked backup incidents and misconfigured cloud servers caused by employee negligence exposed over 2 billion records in 2017? According to the 2018, IBM X-Force Threat Intelligence Index published on itweb.co.za.

The point is to err is human; we all make mistakes, and it’s inevitable. But mistakes that could take your company off the pivot can’t be taken lightly or for granted. To mitigate this type of data breach, you must educate your employees on the essential elements of information security, and what will happen if they aren’t vigilant when performing their duties. It might sound like a weak point, but a little training could go a long way in combating data breach due to employee negligence.

On top of that, educate non-technical staff members on data security awareness procedures and policies. At the end of the day, you should embrace a zero-tolerance policy to data breaches that result from employee negligence. Inform your employees on the importance of keeping data safe and the repercussions should the unthinkable happen.

Insider Threat

While most organizations focus on mitigating external threat factors, insiders pose a more significant threat than you’d typically imagine. According to an Insider Threat study by CA Technologies and Cybersecurity Insiders, 53% of organizations faced insider attacks, with the main enabling factors being:

▶Many users have excessive access privileges

▶An increased number of devices with access to sensitive data

▶The increasing complexity of information technology

From the same source, 90% of organizations feel vulnerable to insider attacks, and 86% of organization already have or are building insider threat programs. According to IBM Insider Threat Detection, insider threats account for 60% of cyber attacks. That’s a quite staggering figure, which also means you must be extra vigilant or one of your employees will drive a steel stake through the heart of your organization.

Data breaches resulting from insider threats are quite common nowadays, and extremely difficult to detect. Network protectors can quickly combat malicious outsiders, but the job becomes harder when threats come from trusted and authorized users within the organization.

The job becomes 10 times more challenging since there are different types of insider threats, namely:

▶Disgruntled employees– This category of criminal insiders commit deliberate sabotage or steal intellectual property for monetary gain. It’s common for employees to steal information before and after quitting or being fired. Some harmful elements sell trade secrets to competitors, but others want to take down the enterprise.▶Nonresponders– Some employees never respond to security awareness training, no matter the resources you invest. These are the people who usually fall prey to phishing scams repeatedly because, well, you can stick your security awareness training up your (you know where).▶Insider collusion– Professional cybercriminals will go to great lengths to steal your data. They scout the dark web looking to recruit your employees. If one of your employees collaborates with a malicious attacker, you will have a severe security and data breach, and you don’t need a scientist to tell you that. In some cases, an employee may even cooperate with another employee in the same organization, exposing you to all types of cybersecurity problems. If you need a little prodding in the right direction, just think how insider collusion can expose your enterprise to fraud, intellectual property theft, and plain old sabotage.

▶Inadvertent insiders– Ignorance is not bliss as far as cybersecurity goes. Negligence on your employees part invites all manner of trouble since attackers are savvy to vulnerabilities that inadvertent insiders cause. Negligent staff members expose your organization to malware, phishing, and man-in-the-middle (MitM) attacks, among other forms of attack. Attackers may take advantage of negligence in your organization to exploit misconfigured servers, unsecured/unmonitored microsites, and so on.

▶Persistent malicious insiders– Criminal “second streamers,” i.e., employees seeking supplemental income maliciously, won’t protect your data. Instead, they will commit a slew of malicious acts such as exfiltrating data for financial gains. And this category of people will remain undetected for long periods to maximize the benefits of data theft. And since they are aware of network monitoring tools, they will steal data slowly instead of committing data theft in bulk. As such, they can operate under the radar for months or years.

How do you prevent data breach caused by insiders? How do you protect your data when the threat comes from the same people you trust. To protect your data from insider threat, you need to implement measures such as endpoint and mobile security, Data Loss Prevention (DLP), data encryption at rest, in motion and use as well as Identity and Access Management (IAM). You can even adopt behavioral analysis and reduce vulnerabilities. These measures will combat, among other things, unauthorized access, negligence, and data loss in case of a breach.

Ransomware

What comes to mind when you see the word RANSOMWARE? WannaCry? $700,000 of losses? Laws? The HIPAA perhaps? CryptoWall? CryptoLocker? Ransomware can constitute a data breach depending on the malware that attacks your systems. Other factors such as the type of data stolen, the current status of said data and laws. Anybody who puts your data at risk of loss has committed data breach to some extent. If some hacker somewhere holds your data hostage, your organization will surely experience losses in all fronts.

The attacker who hijacks your data has demonstrated that they can steal or destroy your data at will.

Clearly, they are talented, and ransomware comes in a million shades of nasty. Could take over your system right this minute considering there are more than 4,000 ransomware attacks per day according to the Federal Bureau of Investigation (FBI). It’s one of the reasons the US government has a $15 billion budget for cybersecurity. The majority of attackers use ransomware to cover their tracks. Just think about it for a minute. Some guy breaks into your system steals your data, and if that isn’t enough, holds your data hostage for profit as they cover a data breach.

Ransomware ruins your reputation. It takes blood, sweat, and tears to build a name, so say “no” to ransomware.

You can avoid ransomware of you’re cautious enough. Plus, you can always ramp up your defenses. And please install a powerful antivirus program (my favorite is Eset Nod32), and ensure you activate web file protection and firewalls to combat malware-laden emails and messages that pass spam filters. Additionally, invest in a clever backup plan so that you can simply wipe the drives to eliminate ransomware, and then restore backups. That way, you can beat ransomware attackers at their own game, instead of paying a ransom.

Final Words

Security goes beyond mere awareness, so don’t take data breach sitting down. You can effectively protect yourself, and if the worst happens, rise from the ashes stronger than before. Keep learning and implementing the best security policies and procedures to protect your business against the various forms of data and security breaches.

注:《数据泄露:知己知彼 防范于未然》来源于READWRITE(点击查看原文)。本文系数据观原创编译,译者数据观/黄玉叶,转载请务必注明译者和来源。

End

“数据观”亮相纽约时代广场 ,向世界传达“中国数谷”魅力

关注我们

欲了解更多大数据,

区块链,人工智能,

行业相关资讯 ,干货,

报告等,可搜索

数据观微信公众号

进入查看。

数据观

公众号:cbdioreview

官网:

微博:数据观官微

标签: #unsecurednetwork