Target data leakage exposes need for heightened data loss prevention efforts

by Charles Leaver

January 6, 2014

access_time 5 min read

Target has received much negative media attention recently due to an attack that lead to massive data leakage affecting more than 40 million customers. According to Newsfactor, one individual has already filed a lawsuit against the big box retailer claiming negligence and invasion of privacy, and attorneys are currently seeking a class action status.

"Target failed to implement and maintain responsible security procedures and practices appropriate to the nature and scope of the information comprised in the data breach," the complaint stated.

This case illustrates the significant damage that data leakage can create, and businesses are using this instance to prompt increased data loss prevention efforts in their own companies.

Tips to improve data leak prevention measures
One of the first things a group can do to protect themselves against data leakage is not to wait until a breach occurs to put a plan in place.

"A lot of times it really does require people to have bad things happen to them to really put in place all the security procedures, tools and processes they should put in place to truly protect cardholder information," security expert Eric Chiu told The Wall Street Journal.

In this way, administrators should have guidelines in place before they ever experience an issue. As part of this plan, businesses should seek the services of a third-party provider of forensic data analysis, such as Ziften. These protection experts can provide solutions to help determine the cause and source of a breach should one ever occur.

Furthermore, EdTech Magazine contributors Kamran Khan and Marc Scarborough advised that if an organization already has a plan in place, they should revisit it on a regular basis and adjust it as necessary. For example, some plans created only a year or two ago may already be outdated within the current environment. In addition, since their creation, the company may be using new platforms or processes that require different security standards. In this way it is important to review data management plans to ensure they are up to date and can adequately protect current practices. As part of this process, administrators should perform audits to gain insight into the performance of existing systems.

"Ensure that development systems maintain the same security configurations as their product peers," Khan and Scarborough recommended.

Businesses should also seek to back up all sensitive company-owned intellectual property on a separate system. This can serve as an insurance measure if information is compromised.

However, a main focus of data leak prevention efforts should not be on technology or policies, but on individual employees. Experts have stated that many instances of data leakage came as a result of actions carried out by workers which created vulnerabilities in information security. For this reason, administrators should be sure to publicize best practices for data loss prevention and provide education on the different processes.

"Many [employees] do not understand their obligations to protect confidential information," the duo stated. "Document expectations through policies and procedures and engage the campus with reminders and training sessions."

When security weaknesses within the employee population are addressed, the organization will be much less likely to become a victim of data leakage.