8 Steps to Data Security
Data Security is in the news in some fashion each and every day. From the infamous Equifax breach, to the recently reported Facebook data harvesting, there are an ever-increasing number of new ways to gain access to your information. Humans have moved ahead of machines as targets for cyber crimes. Ransomware has seen a 15-fold increase over the past two years. Cybercrime damage costs an average of $1800 per seat.
While you noodle those stats around, I want you to focus on something. Humans are the targets, not computers, and the highest increase in attack type is ransomware, which typically requires a human to start the attack.
Is there a solution to Data Security?
Yes… and no. There is no single solution to prevent cybercrime and preserve data security. There are, however, a few simple steps you can take to help prevent your organization from being a target.
Employee Training
Data Security should always start with training employees. Talk about data security and which parts of your organization’s data are considered confidential. Implement policy that defines how this data should be handled, accessed, and distributed. Talk about what attacks can look like. Don’t forget that employees have lives outside of your business. Address their concerns for online safety at home too. Plan and institute Security Awareness Training a few times a year.
Passwords and Two Factor Authentication (2FA)
Having a password isn’t enough anymore. Be sure to use 2FA, so that when you access an account, that account can send a code to one of your devices to be sure it is you. 2FA is especially important for banking, ecommerce and other fiduciary oversight. But don’t stop there. A Facebook, personal email, or Amazon account may seem non-critical, but the data exposed by a compromise of one of those accounts could be used to gain access to far more sensitive sites. Most web services now offer 2FA as an optional service; just turn it on.
Mobile Device Policies
It’s great that your organization allows you to use your personal phone, tablet or laptop for work. What happens if that device is lost, stolen, or sold and the organization’s data is still on it? Having the ability to wipe it remotely is a good start. Knowing and controlling what was on the device is better. Having the device encrypted and its data unusable without a password and 2FA is best.
Antivirus Software
It seems like common sense, but there are places you forget you need it. Think about your mobile devices and out-of-the-way systems that run things like HVAC and internal cameras. Keep all devices up to date with current software versions and good endpoint protection. That protection may be in the form of antivirus, network protection, or embedded threat intelligence.
Email Filtering
Couple email filtering via an anti-spam system with employees who have been trained to spot phishing and other email-based attacks. Have a product in place that can educate, provide ongoing defense and meet regulatory compliance requirements.
Backup & Data Recovery
Having a good backup is essential to any organization. Simple data backup is better than nothing. Having a snapshot of your server(s) and your data is better. Having a product that continually backs up your data and is able to spin your organization back up any time, anywhere, at a few moments’ notice is best.
Secure Your WiFi
Secure WiFi access to prevent people outside the organization from getting access to your data. Use the highest encryption, strong passwords, and implement Guest WiFi to allow guests and personal devices access to the internet, but not the organization’s internal network. Never use open WiFi without a VPN.
Secure Your Network
Everyone secures their network with passwords. Not everyone limits access to files and network services to those who really need it. Audit the network often and remove rights to services and files that users do not need.