Happy Data Privacy Day! January 28 is like a second Christmas for us. Celebrate with us by viewing these essential tips for your optimal protection of personal data.
Data theft is a growing problem for businesses of all sizes. A breach in data security can cost you greatly in the loss of intellectual property, customer credit card numbers, or employee personal data (including social security numbers or bank account information).
In addition to losing customer and employee trust, victims of data theft can face serious fines if they’re found to be negligent in their personal data protection. Data protection laws such as the Data Breach Notification Legislation, the 2010 Massachusetts Data Privacy Regulation, and the Fair Credit Reporting Act requires that certain measures be taken to protect data.
Listed are of the most common data vulnerabilities:
- Laptops that can be lost or stolen. (In fact, a lost laptop can cost your business $50,000)
- Wireless networks
- Weak firewalls
- Removable media devices - including USB drives, external hard drives, CDs, MP3 players, etc.
The first step in supporting your data safety is to monitor everything. Safety monitoring plans that detect a data breach early can help minimize the damage. Intrusion detection systems (IDC) that monitor the network for malicious activities are critical. Setting up a plan for regular cybersecurity assessments can also be helpful on this front.
Steps to Protect Your Business
The following are steps that you can take to help protect your business from potential data theft.
1. Establish Secure Policies - For hardware that may become compromised, be sure to establish secure policies. All data files should be encrypted. This is especially important on laptops (where full-disk encryption is best) or mobile devices, but also applies to desktop computers. Require all employees to password protect laptops, desktops, tablets, etc.
2. Create a Password policy - Ensure that all employees use strong passwords. By requiring longer passwords that contain letters, numbers, and special characters, you can pose a bit more resistance against data thieves looking to gain access. Encourage that employees do not use the same passwords on multiple accounts. Raise awareness that cybercriminals bank on that to gain unauthorized access into other accounts. You should also consider requiring passwords to be changed periodically. This can go a long way in the case of any disgruntled former employees.
3. Safely Handle Sensitive Documents -Destroy any sensitive documents that are no longer needed and store necessary documents in a secure/locked container until they are ready to be shredded. When it comes time to destroy the documents, assign two or more employees to the task so that there is a system of accountability, and require them to record it when the shredding was completed.
4. Stay Up-to-Date with Current Technology - This is a big one. Any software updates or patches that are designed to correct vulnerabilities should be installed immediately. Antivirus programs need to be regularly updated to protect against the latest threats. Every time an employee postpones an update, they are putting your business at risk.
5. Implement Firewalls - To protect and control access to data across your organization, consider implementing firewalls. It’s critical to have a strong firewall in place. If you don’t have the internal IT resources to guarantee the security of your firewall, it’s recommended that you contract an IT security expert. By skimping on this area, you’re exposing yourself to a major vulnerability.
6. Protect Your Unsecure Wireless Network - Use a strong wireless security protocol, such as WPA2/AES. You may also want to consider limiting access for office visitors, and you should always change wireless passwords any time an employee departs the company.
7. Don't Forget About Your Website - Free CMS platforms like Drupal or Wordpress frequently release security updates. Make sure you’re logging in at least once a week to check for and install any new updates that may come out. This is especially critical for eCommerce sites that may store customer data in the back-end.
By taking necessary precautions, you can save your business from the loss of immeasurable time and money required to recover from data theft. For more help or advice, the cyber security team at Brave River Solutions welcomes you to contact us.