“IT Security threats come in all different shapes and sizes, and just as quickly as we put up barriers, cybercriminals find new ways to break through.” - Gary Watson, CTO of StorCentric and Founder of Nexsan
This past Monday was Data Privacy Day, and with all the security breaches and security flaws we’ve seen in the news recently, we thought this was the perfect time to talk about ways to improve data security in your organization.
Train your Employees
According to Shred-it, “more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach”. Over the years we have repeatedly stressed the importance of cybersecurity training for employees for exactly this reason. All the security tools in the world can’t always combat simple human error. It’s important to teach employees the types of security issues they should be looking for, and help them understand the individual and company-wide consequences of a security breach.
Our advice is to formulate your security best practices, make them easily accessible and reviewable, demonstrate them from the top down, and make training continuous throughout the year, not just a “one-and-done” yearly event.
Consult Outside Experts
Chances are, your business doesn’t specialize in cybersecurity, and you probably aren’t hiring cybersecurity experts. Understandable, but you still need someone on your side with expert knowledge on how to keep your data, and your customers’ data, secure. Whether you’re hiring an external IT provider to help integrate cybersecurity practices with the rest of your technology, or you’re just hiring a cybersecurity specialist to get you on the right track, you’re making the right choice. An expert is going to help you determine the right technology to implement, determine your current risk profile and the best ways to mitigate that risk, help determine all preventative measures, and formulate a response plan should the worst occur.
The harder you make it for cybercriminals to hack passwords, the better. Two-factor authentication/multi-factor authentication adds a secondary layer of identification between your data and the outside world. The second layer can be an automated phone call, PIN codes from text messages or smartphone apps, or physical security tokens. This added layer can give you peace of mind that your employees’ passwords (which aren’t always the strongest or most unique) aren’t the only thing protecting your company’s data. Check out our blog for more on the different types of secondary authentication. Two-factor is pretty common, so definitely check to see if any of your cloud-based services offer this, and if they do, chances are it’s fairly simple to enable.
Update, Update, Update
We talk about keeping your devices updated A LOT, and specifically about why ignoring update notifications is bad. But why is it so bad? Updates and patches to both applications and device operating systems fix security flaws and vulnerabilities that have the potential to allow cybercriminals in. It’s also important if you’re in an industry with certain compliance standards, because not having up-to-date software/operating systems could easily put you out of compliance. Always make sure you’re checking for application, software, and operating system updates. Remember this also includes updates to any browsers installed on your device.
Data security isn’t just about the passwords/security software/technology that keep intruders out; it’s also about protecting your information should the unthinkable happen. Regular backups and constant monitoring are so important when you have a wealth of data to protect. Should your company be hit with a ransomware attack, fall victim to some other type of attack or even a natural disaster, having consistent and reliable backups can be the difference between losing 2 hours of data and losing 2 weeks of data. One will be an inconvenience, but the other can cause massive downtime, lost revenue, unhappy customers, and potential damage to your reputation.
Data Security Plan
While we all hope and do everything in our power to ensure the safety of our data, sometimes the worst does happen. This is why having a strategic IT plan that includes your company’s response procedures during a cybersecurity incident is extremely important. As a small business, starting a cybersecurity plan isn’t always the easiest, but thankfully the FCC Cyberplanner can help get you started and pointed in the right direction.
We know it’s not always the most fun topic, but cybersecurity and data security are extremely important, especially in the ever-changing, technology-driven world we live in today.
See how our Business Continuity for Small Business Guide can help your business prepare for any disaster scenario.