Ten Tips to Prevent Data Loss
The recent OPM data breach is just the latest in a series of successful hacks on prominent organizations. Within the past year and a half, hackers have successfully infiltrated companies like Home Depot, Sony, Staples, and Target, placing millions of credit card numbers and other sensitive data at risk. The truth is that hackers aren’t picky. Any organization that handles sensitive data could be at risk of a data breach, and that could spell big trouble not only for your customers and employees, but also for your integrity as a business. So how can you keep from becoming the next victim?
Here are our top 10 tips:
- Data Loss Prevention Software—Data loss prevention (DLP) software detects and prevents potential leaks by protecting sensitive data as it is being entered, used, or stored. DLP solutions will also prevent any attempt to copy or send sensitive data without authorization.
- Email Encryption—Email encryption ensures that only the intended recipient can access information sent via email. If you choose to automate encryption, a gateway appliance will automatically encrypt and decrypt any message sent through your company email. Recipients outside the organization can log into an online portal to access their messages.
- Password Training and Implementation—Training employees to use strong passwords and requiring them to change those passwords regularly can help prevent hacks. A strong password uses a variety of different characters including capital letters, numbers, and symbols.
- Two-Factor Authentication—In addition to the password, a second authentication factor such as a pin number, unique image, or biometric component (fingerprint, voice recognition, eye scan) can ensure that only authorized users access sensitive information.
- Virtual Private Networks—A virtual private network enables employees to access company accounts remotely while keeping information secure. If you have employees who work from home or who travel for work, a VPN can give them the same access they have onsite while retaining your network security.
- Employee Training—Many data breaches occur, not because the organization did not have proper protocols in place, but because those handling the data did not follow the protocols. You can help your employees maintain security by providing periodic training in your security protocols for various scenarios.
- Physical Devices—Do your employees use personal devices to access company data? If so, then you should have procedures in place so that they can do so safely. It’s also important to know how many devices and which ones are being used to access sensitive information so that appropriate safety measures can be taken.
- Update Your Cybersecurity Policy—Make sure the policy delineates clear steps that should be taken for storage and disposal of sensitive information including physical forms.
- Periodic Reviews of IT Infrastructure—Technology changes all the time, and your IT infrastructure should change along with it. As new capabilities become available, you will need new security measures to keep data safe. In addition, company growth, new clients, and other changes in the status quo can necessitate a need for upgrading your IT procedures and technology.
- Outdated Devices—When you upgrade your computer system or purchase new mobile devices, make sure you wipe the old ones clean before disposing of them.
While some of these tips may seem like common sense, many small businesses haven’t taken the recommended steps to protect sensitive information. For example, three-quarters of cyber attacks on small businesses occur because a password has been compromised, and just 17% of business owners have implemented strong security measures for personal devices used to access sensitive data. While no procedure can ensure 100% security at all times, you can dramatically reduce your risk of a cyber attack by implementing these tips and keeping your employees up to date on current company policy.
All Articles >>