alt=An illustration of a padlock and a key on a digital grid background, symbolizing cybersecurity and data protection.
Cyber security
2025-05-16 Post a Comment

Top 10 Best Practices for Effective Data Protection

Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework?

In this article, we’ll explore data protection best practices from meeting compliance requirements to streamlining day-to-day operations. Whether you’re securing a small business or a large enterprise, these top strategies will help you build a strong defense against breaches and keep your sensitive data safe.

1. Define your data goals#

When tackling any data protection project, the first step is always to understand the outcome you want.

First, understand what data you need to protect. Identify your crown jewel data, and where you THINK it lives. (It’s probably more distributed than you expect, but this is a key step to help you define your protection focus.) Work with business owners to find any data outside the typical scope that you need to secure.

This is all to answer the question: “What data would hurt the company if it were breached?”

Second, work with the C-suit and board of directors to define what your data protection program will look like. Understand your budget, your risk tolerance to data loss, and what resources you have (or may need). Define how aggressive your protection program will be so you can balance risk and productivity. All organizations need to strike a balance between the two.

2. Automate data classification#

Next, begin your data classification journey—that is, find your data and catalog it. This is often the most difficult step in the journey, as organizations create new data all the time.

Your first instinct may be to try to keep up with all your data, but this may be a fool’s errand. The key to success is to have classification capabilities everywhere data moves (endpoint, inline, cloud), and rely on your DLP policy to jump in when risk arises. (More on this later.)

Automation in data classification is becoming a lifesaver thanks to the power of AI. AI-powered classification can be faster and more accurate than traditional ways of classifying data with DLP. Ensure any solution you are evaluating can use AI to instantly uncover and discover data without human input.

3. Focus on zero trust security for access control#

Adopting a zero trust architecture is crucial for modern data protection strategies to be effective. Based on the maxim “never trust, always verify,” zero trust assumes security threats can come from inside or outside your network. Every access request is authenticated and authorized, greatly reducing the risk of unauthorized access and data breaches.

Look for a zero trust solution that emphasizes the importance of least-privileged access control between users and apps. With this approach, users never access the network, reducing the ability for threats to move laterally and propagate to other entities and data on the network. The principle of least privilege ensures that users have only the access they need for their roles, reducing the attack surface.

4. Centralize DLP for consistent alerting#

Data loss prevention (DLP) technology is the core of any data protection program. That said, keep in mind that DLP is only a subset of a larger data protection solution. DLP enables the classification of data (along with AI) to ensure you can accurately find sensitive data. Ensure your DLP engine can consistently alert correctly on the same piece of data across devices, networks, and clouds.

The best way to ensure this is to embrace a centralized DLP engine that can cover all channels at once. Avoid point products that bring their own DLP engine (endpoint, network, CASB), as this can lead to multiple alerts on one piece of moving data, slowing down incident management and response.

Look to embrace Gartner’s security service edge approach, which delivers DLP from a centralized cloud service. Focus on vendors that support the most channels so that, as your program grows, you can easily add protection across devices, inline, and cloud.

5. Ensure blocking across key loss channels#

Once you have a centralized DLP, focus on the most important data loss channels to your organization. (You’ll need to add more channels as you grow, so ensure your platform can accommodate all of them and grow with you.) The most important channels can vary, but every organization focuses on certain common ones:

  • Web/Email: The most common ways users accidentally send sensitive data outside the organization.
  • SaaS data (CASB): Another common loss vector, as users can easily share data externally.
  • Endpoint: A key focus for many organizations looking to lock down USB, printing, and network shares.
  • Unmanaged devices/BYOD: If you have a large BYOD footprint, browser isolation is an innovative way to secure data headed to these devices without an agent or VDI. Devices are placed in an isolated browser, which enforces DLP inspection and prevents cut, paste, download, or print. (More on this later.)
  • SaaS posture control (SSPM/supply chain): SaaS platforms like Microsoft 365 can often be misconfigured. Continuously scanning for gaps and risky third-party integrations is key to minimizing data breaches.
  • IaaS posture control (DSPM): Most companies have a lot of sensitive data across AWS, Azure, or Google Cloud. Finding it all, and closing risky misconfigurations that expose it, is the driver behind data security posture management (DSPM).

6. Understand and maintain compliance#

Getting a handle on compliance is a key step for great data protection. You may need to keep up with many different regulations, depending on your industry (GDPR, PCI DSS, HIPAA, etc.). These rules are there to make sure personal data is safe and organizations are handling it the right way. Stay informed on the latest mandates to avoid fines and protect your brand, all while building trust with your customers and partners.

To keep on top of compliance, strong data governance practices are a must. This means regular security audits, keeping good records, and making sure your team is well-trained. Embrace technological approaches that help drive better compliance, such as data encryption and monitoring tools. By making compliance part of your routine, you can stay ahead of risks and ensure your data protection is both effective and in line with requirements.

7. Strategize for BYOD#

Although not a concern for every organization, unmanaged devices present a unique challenge for data protection. Your organization doesn’t own or have agents on these devices, so you can’t ensure their security posture or patch level, wipe them remotely, and so on. Yet their users (like partners or contractors) often have legitimate reasons to access your critical data.

You don’t want sensitive data to land on a BYOD endpoint and vanish from your sight. Until now, solutions to secure BYOD have revolved around CASB reverse proxies (problematic) and VDI approaches (expensive).

Browser isolation provides an effective and eloquent way to secure data without the cost and complexity of those approaches. By placing BYOD endpoints in an isolated browser (part of the security service edge), you can enforce great data protection without an endpoint agent. Data is streamed to the device as pixels, allowing interaction with the data but preventing download and cut/paste. You can also apply DLP inspection to the session and data based on your policy.

8. Control your cloud posture with SSPM and DSPM#

Cloud posture is one of the most commonly overlooked aspects of data hygiene. SaaS platforms and public clouds have many settings that DevOps teams without security expertise can easily overlook. The resulting misconfigurations can lead to dangerous gaps that expose sensitive data. Many of the largest data breaches in history have happened because such gaps let adversaries walk right in.

SaaS security posture management (SSPM) and data security posture management (DSPM for IaaS) are designed to uncover and help remediate these risks. By leveraging API access, SSPM and DSPM can continuously scan your cloud deployment, locate sensitive data, identify misconfigurations, and remediate exposures. Some SSPM approaches also feature integrated compliance with frameworks like NIST, ISO, and SOC 2.

9. Don’t forget about data security training#

Data security training is often where data protection programs fall apart. If users don’t understand or support your data protection goals, dissent can build across your teams and derail your program. Spend time building a training program that highlights your objectives and the value data protection will bring the organization. Ensure upper management supports and sponsors your data security training initiatives.

Some solutions offer built-in user coaching with incident management workflows. This valuable feature allows you to notify users about incidents via Slack or email for justification, education, and policy adjustment if needed. Involving users in their incidents helps promote awareness of data protection practices as well as how to identify and safely handle sensitive content.

10. Automate incident management and workflows#

Lastly, no data protection program would be complete without day-to-day operations. Ensuring your team can efficiently manage and quickly respond to incidents is critical. One way to ensure streamlined processes is to embrace a solution that enables workflow automation.

Designed to automate common incident management and response tasks, this feature can be a lifesaver for IT teams. By saving time and money while improving response times, IT teams can do more with less. Look for solutions that have a strong workflow automation offering integrated into the SSE to make incident management efficient and centralized.

Bringing it all together#

Data protection is not a one-time project; it’s an ongoing commitment. Staying informed of data protection best practices will help you build a resilient defense against evolving threats and ensure your organization’s long-term success.

Remember: investing in data protection is not just about mitigating risks and preventing data breaches. It’s also about building trust, maintaining your reputation, and unlocking new opportunities for growth.

read more
alt=A person holds a smartphone, surrounded by digital security icons like locks and keys, indicating data protection and cybersecurity themes.
Cyber security
2025-04-23 Post a Comment

The growing threat of device code phishing and how to defend against It

Story by Mike Britton

Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses.

The latest method causing trouble for security teams is that of device code phishing, a technique that tricks users into granting access to sensitive accounts without attackers needing to steal a password.

Microsoft recently issued a warning about a particular device code phishing campaign being conducted by Storm-2372, where a supposed Russian-backed threat actor was wreaking havoc by hijacking user sessions through legitimate authentication flows. These attacks are trickier to detect than usual given that they exploit real login pages (rather than the spoofed versions that traditional phishing techniques relied on) and are capable of bypassing multi-factor authentication (MFA).

The recent warning from Microsoft will most likely be the first of many. Various other platforms follow the same style of authentication flows and attackers will most likely replicate the technique elsewhere. It is down to security teams once again to identify the warning signs of this new breed of phishing, and implement the best cybersecurity practices to get ahead of the curve.

Related video: Cyber security expert’s tips to keep phones safe (ITN)

And not just to open the phone for other apps
Loaded: 100.00%

Current Time 1:03
Duration 1:56

ITN
Cyber security expert’s tips to keep phones safe

100

View on WatchView on Watch

Understanding device code phishing

Unlike traditional credential phishing attacks, device code phishing is unique in that there is no need to directly steal a password. Instead, attackers manipulate victims into handing over access to their accounts by exploiting authentication methods designed to make logging in easier.

They start the same way as most email attacks do: through social engineering. By impersonating a trusted colleague or IT administrator, the attackers send an email invitation to an online meeting (often a Microsoft Teams meeting) that looks legitimate. The email is designed to appear normal – for instance, it might look like a genuine Teams meeting invite.

When the victim clicks the link in the fake invite, they are prompted to log in using a special code (the “device code”), which is provided by the attacker. And because the website they land on is a real Microsoft login page, the user doesn’t suspect anything phishy.

What makes this technique especially dangerous is that it exploits legitimate authentication systems without creating counterfeit ones. This removes the need for attackers to steal passwords. Instead, they can gain access by capturing session tokens which allow them to operate without triggering additional authentication prompts. And because the tokens are already verified, attackers can often bypass MFA.

At first glance, nothing seems unusual. Suspicion is reduced due to the official Microsoft website, and therefore, victims won’t hesitate to enter a device code to authenticate the session. However, instead of linking their own device, they are unknowingly authorizing the attacker’s session. Once access is granted, the attacker has the keys to the kingdom and is free to operate within the victim’s account, access sensitive information, and launch lateral attacks.

How users can recognize and avoid these attacks

Device code phishing has created a minefield where legitimate tools are utilized for malicious purposes. Organizations must be proactive in recognizing these attacks and be sure to have effective authentication security measures in place.

Users should always treat unexpected meeting invites with suspicion, especially if they contain login prompts that require immediate action. Before entering any device code, users should verify the legitimacy of the request through a separate communication channel, such as a direct phone call or an internal messaging platform. If a login request appears out of the blue, it’s always best to avoid proceeding until its authenticity is confirmed.

Device codes are particularly impactful as they are designed to be entered on trusted devices. As a result, users should never share a login code with another person or enter a code they receive via email or chat unless they personally initiated the request. Legitimate services will never email a device code and then ask a user to input it on a separate website. If workforces can get to grips with this fundamental security principle, it can prevent many device code phishing attempts from succeeding.

Organizational steps to mitigate risk

Protecting against these attacks can’t rely solely on the user and organizations must take steps to reduce the risk of device code phishing.

One of the most effective measures is to disable any unnecessary device code authentication flows. If it isn’t essential for business operations, then it should be removed to eliminate a significant attack vector. Security teams should regularly review authentication policies and restrict device code logins to only trusted devices.

Conditional access policies go one step further, as they can restrict authentication attempts based on user behavior, device type, geographic location, and risk level. If a login attempt occurs from an unfamiliar location or outside of approved business hours, access can be blocked or require additional verification.

This is why it’s key to embrace behavioral AI measures which can establish baseline “normal” behaviors within an organization’s IT environment, and in turn question anything that seems out of the ordinary. Behavioral AI systems analyze characteristics like login patterns to detect anomalies, such as multiple authentication attempts from different locations or unusual device code submissions. By comparing these activities to known-good user behaviors, deviations from the norm can be flagged as suspicious.

And since device code phishing hinges on meeting invites to spread the attack, these should also be monitored. Security teams should regularly audit and flag unusual meeting request patterns, particularly those originating from compromised accounts.

Lastly, security awareness programs should be an ongoing feature of any cybersecurity strategy. Cyber threats evolve constantly, so training should also be continuous. Employees must be trained to recognize the warning signs of device code phishing and understand the risks of entering authentication codes without verification. Creating a culture where security is front of mind when handling unexpected requests is vital.

The time to act is now

As this latest technique continues to prove effective, cybercriminals will no doubt expand their use of device code phishing. Organizations must act now to defend against this emerging threat. A combination of user awareness and strong security policies which are strengthened by advanced threat detection can help organizations to stay ahead.

The sooner organizations implement these measures, the sooner they can reduce their exposure to device code phishing and protect their employees, data, and systems from this growing cyber threat.

We’ve listed the best identity management software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 9.1/10 based on 13 reviews.
Verified by MonsterInsights