Executives in corporate America have been losing sleep over data losses and IT breaches for years now, and almost every news report seems to offer another reason to worry. The recent Sony data breach illustrates the potential for much more than customer identification and credit card data to be compromised. In that disastrous case, the cybercrimes included health and personnel records, private communications, intellectual property, and the company’s IT infrastructure.
Companies dealing with data breaches are many shapes and sizes. And though accurate figures are difficult to pinpoint, Verizon’s 2014 Data Breach Investigations Report indicates that 25% or more of such losses affect small businesses. For many small businesses, building a secure IT environment can seem overwhelming, but hitting the snooze button isn’t a solution. Instead, rise and shine to meet cybersecurity threats by focusing on the following 10 areas to improve data security.
- Staff training. Most data breaches are due to simple human error. According to Verizon’s report, less than one percent represent advanced attacks by skilled hackers. Teaching staff basic IT safety protocols—for example, logging out before leaving workstations—can help to prevent unauthorized access to company data. Of course, don’t stop with training; monitor implementation of these processes.
- Identification. Company data is often stored in multiple places and not formally tracked. Businesses should locate all repositories of private data and create processes for protecting and tracking it.
- Retention. Is the sensitive data necessary for business operations, and/or is its’ retention required? Knowledge may equal power, but then data equals responsibility. In some cases, the company may decide that certain data creates more liability than it is actually worth. If that’s the case, then in addition to traditional paper shredding and CD destroying, scrubbing computer files and hard drives should also be completed regularly.
- Reinforcement. Every system has weak points. Wireless networks, for example, are easily breached. Companies should use the latest security options for securing access (WPA2) and also use a unique name for the network that doesn’t reveal the make or model of the router.
- Password protocol. It’s important to maintain secure passwords whose complexities provide strong barriers to unauthorized access. Additionally, passwords should be updated frequently and deactivated when employees are terminated.
- BYOD safety. BYOD, or “Bring Your Own Device,” is a popular policy at some small businesses. For companies employing this tactic, all devices that access company data or networks must be clear of viruses and malware. Plus, employees should be educated about the risks to both personal and business property if they choose to download files from the Internet or use stolen software.
- Encryption. Using encryption to hide local and cloud-contained data can minimize the damage from unauthorized access to private company files.
- Vigilance. Staying up-to-date on IT security developments will provide a large measure of safety. Businesses should monitor emerging threats and recommended solutions, taking the time to patch and update software with solutions that address new viruses and vulnerabilities as they are introduced.
- Expertise. It’s hard to find a substitute for qualified IT talent. Hiring or outsourcing staff with current IT security skills and the necessary knowledge to safeguard company data and systems is a must.
- Adherence. All too often, data breaches occur where known vulnerabilities simply weren’t addressed quickly enough. If IT experts point to a problem, then it’s time to take immediate, preventative action.
Rest Easy with CRI
Securing your company’s data is essential to thriving in the digital age—and likely for your beauty rest. To uncover and avoid potential threats to your company’s valuable data, contact CRI’s cybersecurity consultants to schedule a data security assessment.