These 3 Steps Could Prevent 85 Percent of All Data Breaches


A great many cyber calamities are preventable through basic cybersecurity hygiene.

Last year, data breaches of both private sector companies and the federal government dominated headlines.

In short, a lot of organizations got owned. And if early 2015 is any indication, there’s much more to come.

Yet, a great many of these calamities are preventable through basic cybersecurity hygiene, according to Ann Barron-DiCamillo, one of the U.S. government’s foremost cybersecurity experts.

DiCamillo, the director of the Department of Homeland Security’s Computer Emergency Readiness Team, told an audience at the Symantec Government Symposium on Wednesday that about 85 percent of data breach incidents could be prevented by following three essential steps:

  • Reducing administrative privileges (think Edward Snowden’s access to National Security Agency data);
  • Application whitelisting (Not letting unauthorized programs run because, well, why would you?); and
  • Software application patching (This has been a problem for more than a decade).

“These controls, if monitored, would reduce about 85 percent of incidents,” DiCamillo said. “We’re trying to emphasize the importance of getting back to cyber hygiene.”

Information sharing is also key, DiCamillo said.

“Cyber has no borders, so it’s important to have those relationships” with the private sector, between agencies and in some cases, international partners, she said.

With a small talent pool -- even NSA struggles to keep its top talent -- DiCamillo would like to prevent as many high-level incidents as possible.

You know that sign in the bathroom that says, “Employees must wash their hands”? It’s there because washing your hands helps prevent the spread of myriad germs and bacteria. The same basic hygiene practices apply to cybersecurity.

Wash your hands, people.
