How Safe is Your Data? Tips to Protect Against Data Theft
June 7, 2013
Data theft is a growing problem for businesses of all sizes. The loss of intellectual property, customer credit card numbers, or employee personal data (including social security numbers or bank account information) can cost you greatly. In addition to losing customer or employee trust, businesses that are victims of data theft may face state and/or Federal fines if they are found to be negligent in their protection of personal data. Data Breach Notification Legislation (active in 35 states), the 2010 Massachusetts Data Privacy Regulation, and the Fair Credit Reporting Act require that certain measures are taken to both protect data and to handle a breach.
Listed are of the most common data vulnerabilities:
- Laptops that can be lost/stolen (In fact, a lost laptop can cost your business $50,000 dollars)
- Wireless networks
- Weak firewalls
- Removable media devices - including USB drives, external hard drives, CDs, MP3 players, etc.
The first step is protecting your small business from data theft is to monitor everything. Detecting a data breach early can help minimize the damage. Intrusion detection systems (IDS) that monitor the network for malicious activities are critical. Setting-up a plan for regular IT security assessments can also be helpful on this front.
Steps to Protect Your Business
The following are steps that you can take to help protect your business from potential data theft.
- Establish Secure Policies - For hardware that may become compromised, be sure to establish secure policies. All data files should be encrypted. This is especially important on laptops (where full-disk encryption is best) or mobile devices, but also applies to desktop computers. Require all employees to password protect laptops, desktops, tablets, etc.
- Create a Password policy - Ensure that all employees use strong passwords. By requiring longer passwords that contain letters, numbers and special characters, you can pose a little more resistance against data thieves looking to gain access. You should also consider requiring passwords to be changed periodically. This can go a long way in the case of any disgruntled former employees.
- Safely Handle Sensitive Documents - Destroy any sensitive documents that are no longer needed and store necessary documents in a secure/locked container until they are ready to be shredded. When it comes time to destroy the documents, assign two or more employees to the task so that there is a system of accountability, and require them to record when the shredding was completed.
- Stay Up-to-Date with Current Technology - This is a big one. Any software updates or patches that are designed to correct vulnerabilities should be installed immediately. Antivirus programs need to be regularly updated to protect against the latest threats. Every time an employee postpones an update, they are putting your business at risk.
- Implement Firewalls - To protect and control access to all data across your organization, consider implementing firewalls. It's critical to have a strong firewall in place. If you don't have the internal IT resources to guarantee the security of your firewall, it's recommended that you contract an IT security expert. By skimping on this area, you're exposing yourself to a major vulnerability.
- Protect Your Wireless Network - Use a strong wireless security protocol, such as WPA2/AES. You may also want to consider limiting access for office visitors, and you should always change wireless passwords any time an employee departs the company.
- Don't Forget About Your Website - Free CMS platforms, like Drupal or WordPress, frequently release security updates. Make sure you're logging-in at least once a week to check for and install any new updates that may come out. This is especially critical for eCommerce sites that may store customer data in the back-end.
By taking the necessary precautions, you can save your business from the loss of immeasurable time and money required to recover from data theft. For more help or advice, the team at Brave River Solutions welcomes you to contact us via the on-page form, or at 401-828-6611. We offer best-in-class security and IT solutions that will help you keep you business's information safe.