In this techno-savvy and connected world where data is power, losing sensitive company information can prove detrimental to the success of every organization. Companies across the world are adopting various ways and means to keep their data safe from prying eyes. Organizations of all sizes are vulnerable to data breaches – don’t make the mistake of assuming yours is too small or of not enough interest to be an attractive target. Companies are waking up to the challenges of data theft and putting in place such safeguards as content security, mobile security, tech security and information security management systems to keep their sensitive information secure.
According to business security provider RSA, cybersecurity incidents doubled between 2016 and 2017, from about 82,000 to a record 160,000. And attacks are becoming more targeted and strategic. One example is the recent emergence of malware specifically designed to attack industrial control safety systems. Finally, the costs associated with damages from cyber incidents are skyrocketing – including an increase of more than 15 times in ransomware costs alone from 2015 to 2017.
Whether it is your corporate training material or customer information, you need to protect your data to maintain the integrity and sustainability of your organization. The more your content moves from one place to another, the more it is at risk. Because many breaches occur when basic best practices were not enacted – or enforced – here are the fundamental steps necessary to establish data security.
Data encryption is the process of changing your data into another form (or code) so that only people who have access to a secret key or password can read it. It is also one of the safest and most widely used security methods to protect company information.
Our June 2018 blog post, “Cybercrime, Why You Need Data Encryption,” covers this important issue in detail. From business information to your clients’ sensitive data, exposure could lead to significant losses – including legal liability and regulatory fines. This is a real possibility if your organization must be compliant with FINRA (financial), GLBA (financial) or HIPAA (healthcare) regulations.
Identify the importance of keeping company data secure, and have a written policy for employees to learn and refer to. However, people don’t always read the material, or retain information after a single training session. Creating an information security management system (ISMS) provides a comprehensive means across your organization for establishing a set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of information.
- It helps manage information in all its forms, including digital, paper-based, intellectual property, company secrets and data on devices and in the cloud, hard copies and personal information.
- It helps the company defend itself from technology-based risks and other, more common threats such as poorly informed staff or ineffective procedures.
- Because of its risk assessment and analysis approach, it reduces costs spent on indiscriminately adding layers of additional technology that might not work.
- It constantly adapts to changes both in the environment and inside the organization to reduce the threat of continually evolving risks.
BYOD security best practices
As employees increasingly use their own devices for company work, keeping their laptops, phones and tablets secure is a major challenge. Although BYOD (bring your own device) offers companies considerable advantages – such as a more flexible/mobile workforce, increased productivity and less expense on outfitting employees with hardware – there are significant security risks that can leave companies vulnerable to data theft and other cybercrimes.
Our sister company, DocuServe, covers the issue of BYOD security in depth in its May 2018 blog post, “What You Need to Know Before Your Company Adopts BYOD.” Advice includes the following:
- Lost or stolen device – Steps the employee needs to take to report it, and what the company will do to protect its data. For example, once the loss of the device is reported, the company will immediately remotely wipe the device. Employees need to understand that even if the device is recovered, all data – including their personal data – is gone forever (for all practical purposes).
- Limit the use of apps – According to Sam Imandoust, Esq., legal analyst for the Identity Theft Resource Center, apps can provide an open door to malware installation and data breaches.
- Install up-to-date security software on all devices.
- Back up all locally stored data on a regular basis – especially given the aforementioned procedure for remotely wiping lost or stolen devices.
- Restrict the use of jailbroken or rooted devices on your corporate network – While these devices may have increased functionality, they’re also more exposed to security threats, because they’ve been modified to bypass standard protections offered by the mobile operating system.
- Only connect to a secure Wi-Fi network – Unsecured networks leave devices vulnerable to hacking and other types of attacks. Because employees may need to use their device in a location with public Wi-Fi, Michaels recommends companies deploy a secure virtual private network (VPN) to keep data safe from interception.
You wouldn’t think this should still be necessary to reiterate, but “Password,” “123” and your dog’s name are not good passwords. Your employees may be in a hurry when asked to create what seems to be their bazillionth password, yet taking the time to do it right will pay off in greater security. Recommendations for a strong password are as follows: eight to 12 characters long; a mix of letters (lower and upper case), numbers and symbols. Make it a rule to change passwords every 90 days, which is considered industry best practice.
Antivirus protection updates
Again, no organization has the luxury of flying under the radar of data thieves. Cybercriminals and other bad actors are constantly finding ways to breach security measures – and companies specializing in antivirus protection are constantly trying to anticipate and head off the latest virus or malware attack. It does little good to have antivirus software if you don’t install updates or make needed upgrades to accommodate the changing needs of your organization. If you outsource your IT services, meet with your IT specialist on a regular basis to make sure your protection stays up-to-date.
Regular data backups
It is essential to back up your data regularly. According to Information Management, 93 percent of companies that lost their data center for 10 days or more during a disaster filed for bankruptcy within one year of the disaster (National Archives & Records Administration); and of companies that suffer catastrophic data loss, 43 percent never reopen and 51 percent close within two years (University of Texas).
The Information Management article features excellent advice and insights from leading IT specialists on the importance of performing backups. The article was written for the occasion of World Backup Day – an annual observance held on March 31. The significance of that particular day? It’s the day before April 1 – otherwise known as April Fools’ Day. In other words, don’t be a fool – back up your data on a regular basis!
The solutions we offer at eServe can get your organization off to the right start in following data security best practices. We offer reliable data encryption solutions for businesses of all sizes, types and geographic locations. From our physical data center to the cloud, eServe helps organizations remain protected and in control. Contact us to learn more.