4 Ways to Prevent and Mitigate Data Breaches and Ransomware


The Identity Theft Resource Center recently released its U.S. data breach findings for the third quarter of 2021. The results highlight more bad news, with the total number of events as of September 30 exceeding the total for all of 2020 by 17 percent. The report says that the total number of cyberattack-related compromises is up 27 percent year-to-date compared to 2020. While 85 percent of breaches involve a human element—most frequently using social engineering schemes like ransomware and phishing as the primary attack vector—web application attacks, system intrusion, and other threats still loom large. Whether your organization is large or small, you need to address these threats. That starts with strengthening your defenses on all fronts. While bolstering your defenses is your logical first step, putting the pieces in place that help you recover from the impacts of a successful attack may be what matters most. Here are a few ways you can both ratchet up prevention and ensure recovery is always possible.

1. Train Your Team

With so many breaches involving a human element, it’s the logical place to start improving your defenses. Security awareness training teaches your team members—including contractors, partners, and anyone else with access to your applications and systems—to spot malicious emails, attachments, and websites and understand their role in cybercrime prevention. A practical, ongoing security awareness program should include testing by sending phishing simulations to employees to identify problem areas and knowledge gaps.

2. Establish a Layered Security Strategy

While technology comes into play in a layered security strategy—see #3 below—an effective approach addresses other gaps that can leave your organization open to an attack, including:

  • Security policies

Robust security policies can systematically prevent data breaches while increasing security awareness within your organization. These policies also serve as guidelines for your employee cybersecurity training program.

  • Physical security

Data is at the heart of almost every organization. That's why hackers now often resort to breaking into facilities to gain access. Strong premises security that monitors activity and limits access is crucial for keeping your sensitive systems safe.

  • Access control

Role-based system access helps ensure that applications and data are always available to those who need them while limiting privileges for specific systems to those who must have them. So, if a hacker does gain access to one of your systems, they won’t be able to exploit your other systems.

3. Deploy Layered Cybersecurity Tools

From a technology standpoint, layered security focuses on keeping any single security vulnerability from compromising your entire system. That starts with assessing your current security posture. The next step is to put prevention tools in place—or bring in a technology partner—to close any security gaps. These tools include:

  • Network security monitoring
  • Encryption tools
  • Web vulnerability scanning
  • Packet sniffers
  • Antivirus software
  • Firewall
  • Public Key Encryption (PKE) services
  • Managed monitoring and detection services
  • Penetration testing

4. Implement an Effective Data Protection Solution

When your every effort at prevention fails—it could be something as simple as someone clicking on a malicious link without thinking—a sound data backup and recovery solution is your last line of defense. Ensuring you can recover your data and get back up and running following an attack starts by following the 3-2-1-1 rule. Keep three copies of your data, one primary and two backups, with two copies stored locally on two formats and one stored offsite in the cloud or secure storage. While you may be familiar with the old 3-2-1 backup rule, the added “1” in 3-2-1-1—which stands for immutable—makes all the difference in the world. Immutability is when data is converted to a write-once, read-many-times format which can’t be altered. Choosing a backup and disaster recovery solution that features immutability, like StorageCraft OneXafe, ensures your data will be there when you need it. StorageCraft is an Arcserve company. Regardless of your organization’s size or the complexity of your IT infrastructure, Arcserve offers you the broadest portfolio of data protection, management, and recovery solutions available under one roof.
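The 3-2-1-1 rule described above, written as a check over a backup inventory. This is an added example, not code from the article or from any vendor it names; the `Copy` fields, the function names and both sample inventories are constructed for illustration, and `recoverable_worst_case` assumes an attack that alters every copy that is not immutable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    role: str        # "primary" or "backup"
    media: str       # storage format, e.g. "disk", "tape", "cloud"
    offsite: bool    # stored away from the primary site
    immutable: bool  # write-once, read-many: cannot be altered

def check_3211(copies):
    """Return the parts of the 3-2-1-1 rule an inventory fails ([] = passes)."""
    backups = [c for c in copies if c.role == "backup"]
    local = [c for c in copies if not c.offsite]
    failed = []
    if len(copies) < 3 or len(backups) < 2 or len(copies) == len(backups):
        failed.append("3: three copies, one primary and two backups")
    if len(local) < 2 or len({c.media for c in local}) < 2:
        failed.append("2: two local copies on two formats")
    if not any(c.offsite for c in backups):
        failed.append("1: one backup offsite")
    if not any(c.immutable for c in backups):
        failed.append("1: one immutable backup")
    return failed

def recoverable_worst_case(copies):
    """Backups left if every alterable copy is encrypted (assumed worst case)."""
    return [c.name for c in copies if c.role == "backup" and c.immutable]

# Constructed sample inventories (not real systems).
OLD_321 = [
    Copy("file-server", "primary", "disk", offsite=False, immutable=False),
    Copy("local-tape", "backup", "tape", offsite=False, immutable=False),
    Copy("offsite-cloud", "backup", "cloud", offsite=True, immutable=False),
]
# Same layout, but the offsite backup is written in a write-once format.
WITH_IMMUTABLE = OLD_321[:2] + [
    Copy("offsite-cloud", "backup", "cloud", offsite=True, immutable=True),
]

if __name__ == "__main__":
    for label, inv in (("3-2-1", OLD_321), ("3-2-1-1", WITH_IMMUTABLE)):
        print(label, "fails:", check_3211(inv),
              "| recoverable:", recoverable_worst_case(inv))
```

The first inventory satisfies the older 3-2-1 rule yet has no backup guaranteed to survive under the stated assumption; marking one backup immutable is the only change needed to pass.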
