8 Tips to prevent data breaches
Published 22 January 2015
Securing electronic messages should be one of the top IT priorities for organizations in 2015. The process should not be overly complex or expensive, but it does require proper planning and regular revisions. While there is no such thing as a 100 percent breach-proof security system, the majority of attacks can easily be prevented by following the simple steps outlined in this article.
Data breach incidents occur when unauthorized parties gain access to sensitive or confidential records. Sensitive corporate records can be breached virtually anywhere - on internal servers, in the cloud, or simply intercepted while in transit to a third party.
When thinking about data breaches, most people imagine professional hackers breaking into a highly secured data system. It is a popular image introduced by Hollywood and often favored by the press. The reality, however, is much more banal. Data breaches often happen through a simple e-mail transmission, human error, inferior passwords, or poorly thought-out security measures. Often we hear about large and highly publicized data breaches, but statistically speaking, small companies are affected at a far greater rate.
According to Forbes, in 2013 alone, about 40 percent of small businesses were victims of data breaches. Small businesses with limited resources pay dearly for losing sensitive data — it is estimated that 60 percent of small organizations hit by cyber security attacks will close within six months.
Over the past five years, according to Beazley, we have seen a 30 percent increase in data breaches, especially due to malware and hacker attacks. This trend is expected to increase even more over the next several years. Once viewed as merely an inconvenience, data breaches often cripple many small businesses, as data is the most important asset of companies. Failure to protect consumer and corporate data will result in low consumer confidence, reduction in business, regulatory fines and financial losses. Current government regulations are targeted at organizations of all sizes, requiring companies to implement policies and procedures in order to safeguard sensitive consumer information.
If you are one of the many organizations confused about how to protect successfully against data security vulnerabilities, then you are not alone. With a little effort and strategic planning, however, electronic data protection can be successfully implemented by organizations of all sizes.
The following eight steps will help you properly assess your current electronic communication security situation, provide you with guidance to implement appropriate measures, and shield your data from being exposed or exploited.
- Understand regulatory compliance requirements — To begin planning a security strategy, be aware of regulations affecting your business. These regulations can range from federal and state laws covering all businesses when handling sensitive customer data to regulations targeted at your specific industry. Implement a quarterly review of these regulations to ensure adherence.
- Identify and assess security risks in your organization — Determine the location of all sensitive data and whether any protective measures are currently in place. Also, determine how your sensitive information is distributed (via e-mail, texts, or various other channels) and who has access to information stored on corporate servers as well as in the cloud.
- Establish written security policies regarding collection/use of personal information — This is a document requiring semi-annual updates and should define the following items:
  - Proper storing and disposal of electronic personal data
  - Identify an officer responsible for information security
  - Identify users inside your company with access to sensitive information, especially those with administration rights or unrestricted access to data
  - Adopt a least-privilege approach to data, providing users only enough access privileges to allow them to complete their duties
  - Block social media channels you cannot or do not wish to supervise
  - Automatically log users out and lock computers when not in use
- Educate your employees regarding common scam methods/breach threats — Many internal breaches occur due to simple human error or lack of awareness, making it important to ensure your employees are aware of their actions and understand how to protect sensitive data.
- Take steps to protect your data when accessing Wi-Fi networks — This is one of the easiest ways for perpetrators to access your data. Precautions should include:
  - Use Wi-Fi networks with caution when traveling; only use wireless networks secured with passwords
  - Ensure business Wi-Fi networks are secured at all times. Utilize a VPN (Virtual Private Network) when possible
- Ensure all devices are adequately secured — Data leaks can occur across all channels. Important things to remember include:
  - Utilize complex passwords on mobile and computer devices
  - Limit users to only devices which can be adequately protected and monitored
  - Always install patches and updates as soon as they become available
  - Ensure all software downloads are from trusted sources
- Use encryption technology — This is a proven way to prevent security attacks. Studies in 2013 indicate that 73 percent of all breaches could have been prevented if encryption technology had been utilized. Implementing encryption technology to protect consumer data is a safe harbor under most state or federal breach regulations, according to Beazley. Utilize a layered approach in all communication channels including computers, mobile devices, networks, and hard drives.
- Revise and improve your email usage standards — While 70 percent of businesses consider e-mail as the top means of communication, it is surprising that they often take so little care to secure it. Unsecured e-mail is easily accessed even by the most inexperienced hackers. E-mail confidentiality statements are not adequate, nor do they protect from regulatory violations. The only sensible solution is to implement a user-friendly e-mail security product or service.
— See also “Beazley announces finding from analysis of 1,500 data breaches,” Beazley, 18 September 2014; “Your Business Is Never Too Small For A Cyber Attack, Here’s How To Protect Yourself,” Forbes, 13 May 2013.
Todd Sexton is the CEO of Identillect Technologies Inc.