Think You Know Where Data Breaches Come From? You Might be Surprised!
Most business owners know the importance of protecting their data from system failures, hackers and other external threats. However, according to the Online Trust Alliance (OTA), 90 percent of data breaches in the first half of 2014 were preventable, while 29 percent of all data breaches – whether accidental or malicious – were caused by employees.
This is a clear indication that it’s time for all small businesses to sit down with their managed services provider (MSP) to figure out where their information security might be lacking and come up with a plan to combat these weak links. You may be shocked to find how much of it lies with your own staff. Here are a few of our suggestions on what to plan for and where to invest your internal security resources.
Educating Employees
Hackers are continuously getting more sophisticated and it is becoming increasingly harder for the average employee to recognize their tactics. Emails containing dangerous links now look more professional and legitimate, while ill-intending websites, ads and pop-ups asking for personal information are getting harder to recognize.
Make it part of your plan to update employees, on a regular basis, with the latest information they need to keep themselves, your customers and your business safe. This can be done either in a meeting, video conference or even an all-staff bulletin. Your MSP can be instrumental in giving you the biggest at-this-moment threats, updating you on the latest tactics of thieves and sharing vital information your staff can use to combat these threats.
Extra Password Security
The majority of security breaches caused by employees occur through two major avenues: 1). passwords and 2). mobile devices (discussed below). When it comes to creating a secure password environment for all your sensitive information, there are several facets that all have to work together in order to be effective:
Make all access points to all data secure and encrypted – from mobile devices to the network, to individual pages, emails and documents that contains sensitive information.
Use a password generator to create difficult passwords that are nearly impossible to crack. Your virus company may include a password generator or your MSP can recommend one.
Create a culture in which passwords are never shared. Everyone should have their own access credentials for every sensitive page or site you manage. This is the best security approach because the fewer people who can slip up and inadvertently give out sensitive password information, the better. With this approach, when one employee leaves your company, you won’t have to change password information for every person and every page.
Talk to your MSP about advanced ways to keep rogue users from accessing your information, including by employing methods and devices that eliminate concurrent logins, allowing access only from certain locations and setting time limits on log-ins.
Taking Care with Mobile Devices
According to the OTA, 18 percent of data breaches in the first half of 2014 occurred due to lost or stolen devices or documents. We have given information on securing your mobile device because this threat gets bigger the more dependent we become on mobility. In the future, biometric means of security (such as fingerprints) will be the norm. Until then, make sure your employees are using all the lock, password and privacy features on their devices – whether those devices are company-supplied or BYOD.
Keeping Private Information Private
Just like with passwords, the fewer people who have access to sensitive information, the less chance of someone slipping and letting that information get out. Limit the people who have access to your data to only those who absolutely need it and make it part of your practice to limit the sharing of personal information across email and other hackable electronic or online communications.
Not only does limiting the number of people with access to information limit the threat, it makes it easier to find the hole in your security should something sensitive get out.
Creating a Formal Policy
Knowing what you need to do to protect data from internal threats is only half the battle. You can arm your employees with the knowledge to protect your data but it is also important to hold them – and yourself – accountable for implementing your security plan. A written policy, possibly included in your employee handbook, should be given to all new hires and reviewed, as stated above, on a regular basis. This way, employees can understand the important role they play in protecting your company and are clear on what is expected from them.
Keeping your data safe is a changing process that should be reviewed and adjusted as technology – and thieves – evolve. Hiring a trusted MSP with expertise on the changing landscape of data security is instrumental to the ongoing safety of your company and your customers. “
Source: TeamLogicIT.com/FortMyers
Online Test Alliance Best Practices
