How to respond to a data breach
In light of recent news of the Sage data breach, Barry Scott, CTO of EMEA at Centrify, has commented:
“Insider attacks and threats are often avoidable… so long as the right safeguards are in place.
When a data breach occurs, immediate forensic analysis of the breach is needed to understand its full extent. Audit software should be in place to collect detailed records of activity. It should also be used to enable a replay of sessions for the user across the whole environment. It’s imperative that accounts for employees are disabled immediately after they leave a company. This is because a disgruntled employee may try to access systems after receiving their notice. For the same reason, users’ access to corporate data on their mobile devices needs to be removed automatically when their account is disabled.
Employees often have many different accounts and devices, especially now we use so many services offered from the Cloud. Technologies such as Single Sign-On and Identity-As-A-Service should be implemented to remove the need for separate accounts. This makes life easier for users, and means just one account needs to be disabled centrally to remove all application, system and mobile device access.”