Misconfigured Servers

Eliminating Server Configuration Errors Can Prevent Data Breaches

Misconfigured servers cause personal data to be compromised. Organizations can take steps to prevent many errors and mitigate damage from others.

Misconfigured servers accounted for 86 percent of the 8.5 billion records compromised globally last year, according to an IBM security analysis quoted in IT World Canada. While the number of misconfiguration incidents declined from 2018 to 2019, the total number of records affected increased. Misconfigurations occurred across many paths, including cloud storage, open internet-connected network area storage devices, and improperly secured sync backups, the report said.

Tektonic, a Toronto IT services company, has taken over several accounts from other Toronto IT companies that had misconfigured client services, which in some cases led to critical security challenges.

Lack of proper training or inexperience in an organization’s IT department often leads to these errors, which allow an external entity to gain access to data. This data usually includes personal details about customers or patients. These security breaches can injure an organization’s brand and reputation, and, in some industries, result in fines.

Misconfigured servers have been the culprit in several highly publicized security breaches over the past two years.

  • Two breaches in 2018 at Medcall, a healthcare adviser, resulted in confidential patient data, including Social Security numbers, being available to anyone.
  • Servers were hacked at Tesla, maker of electric vehicles, in 2019 to mine bitcoins at the automaker’s expense.
  • Five servers were misconfigured at Microsoft in December 2019, exposing 250 million customer service records.
  • A misconfigured security setting on a radiology interface resulted in a data breach that potentially exposed more than 60,000 patient records at Middleton Medical, a multi-specialty physicians’ group, in 2018.

Prevention

Organizations can take steps to prevent many misconfiguration errors and to mitigate the damage when they do occur.

  • The first step in prevention is to develop a security culture within the organization. Security should be part of every change the organization makes. Everyone in the organization should understand security requirements and be accountable for the decisions they make.
  • Another key to preventing security breaches caused by misconfigurations is education and training. Misconfigurations sometimes occur when an organization transitions to a new cloud platform because teams have not been fully trained in the latest security concepts. Even in non-transition situations, teams need to be kept abreast of current security trends. One way to ensure this is to hire an expert or to outsource to a managed service provider.
  • Developing a list of repeatable processes can help an administrator to avoid overlooking items.
  • Running automated security scans regularly and after every architectural change can help detect problems. Likewise, performing regular system audits and hiring an expert or firm to test the security can find potential issues.
  • Introducing multi-factor authentication and using data encryption can also help offset the vulnerabilities of unprotected files.
  • Developing an incident response plan is essential in mitigating the damage. The plan describes the process for determining whether an organization has been breached, how to first contain and then eliminate the breach, and how to recover afterward. The plan can be tested through either tabletop exercises or simulation. It should be updated regularly.