As news headlines report recurring events of data breaches affecting American institutions, government parties and public figures, businesses of every size must take a closer look at the security of their data that goes beyond data backup. Employee interactions, third-party interfaces, remote devices and even outdated software can affect the safety of your data. Here are some tips to address potential security threats in these areas:
Guard Against Internal Threats
According to PWC’s 2014 US State of Cybercrime Survey, more than one in four enterprise data security events originate with insiders such as current and former employees. Poorly trained workers, weak passwords, file sharing, unattended computers and unenforced data security policies can weaken the security of company data. In some instances, bad employee behavior results in leaked passwords and stolen files.
Data Security Tip: Ensure that laptops have encrypted hard drives that are accessible only with a second authentication method such as a token or fingerprint scanner. Encourage employees to use password phrases instead of simple passwords and to use a different one for each site (social media, email, Intranet, etc.) to reduce the chance of hackers getting access to everything at once. Change passwords often as part of company protocol. All systems should have methods to implement password complexity and forced changes.
Strengthen Vendor Interfaces
Many companies use application programming interfaces (APIs) to move information between their own programs and vendors' programs, expediting processes by eliminating duplicate work. However, depending on the size of a company, hundreds of vendors could be operating within a corporate system, posing potential threats to data confidentiality and integrity. Unfortunately, many businesses do not address third-party data security. According to a 2016 Ponemon Institute report on third-party data risk, many IT and data security professionals find it difficult to manage cybersecurity incidents involving multiple vendors.
Data Security Tip: Ensure that all vendors review and sign a corporate data security policy that requires notification of any breaches involving your data. Encrypted email and multi-factor authentication should be used wherever possible. Third-party software that provides access to corporate data should have additional security mechanisms.
Create BYOD Policies
With the growing trend of Bring Your Own Device (BYOD), employees are using their own mobile technology in the office, at home and while traveling to access corporate data. While potentially increasing productivity by enabling employees to maintain constant connectivity to the office, the use of various mobile devices not owned by the company poses challenges regarding unauthorized access to corporate data, uploading viruses and losing information. Some of the most popular mobile devices such as smartphones and tablets are prone to attacks by hackers as employees connect to external Wi-Fi spots without proper security protocols. A lost or stolen device connected to a corporate network also can spell disaster.
Data Security Tip: Companies supporting BYOD should have policies that outline protocols for workers to access data remotely and incorporate mobile management platforms that ensure devices are securely encrypted and can be remotely wiped if lost or stolen. Parsing outgoing emails for private information such as social security numbers or Private Healthcare Information (PHI) is an added step companies can take to mitigate risk. Locking out external devices such as USB drives is another popular option.
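The outgoing-email check from the tip above, sketched as an added example (not Nettology's code or any vendor's product). The function names and the sample message are constructed for illustration; the sample body is base64-encoded to show why the scan must decode MIME parts rather than search the raw message.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# SSN shape AAA-GG-SSSS, separator optional but consistent (dash or space).
# Never-issued values are rejected to cut false positives:
# area 000, 666 or 900-999; group 00; serial 0000.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)(\d{3})([- ]?)(?!00)(\d{2})\2(?!0000)(\d{4})(?!\d)"
)

def scan_outgoing(raw_message: str) -> list:
    """Return one finding per SSN-shaped value in the subject or text parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    sources = [("subject", str(msg["subject"] or ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            # get_content() undoes base64 / quoted-printable transfer encoding.
            sources.append((part.get_content_type(), part.get_content()))
    findings = []
    for where, text in sources:
        for m in SSN_RE.finditer(text):
            # Record only the last four digits so the alert is not itself a leak.
            findings.append({"where": where, "redacted": "***-**-" + m.group(4)})
    return findings

def build_sample() -> str:
    """Constructed sample message; addresses and numbers are made up."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"
    msg["To"] = "vendor@example.net"
    msg["Subject"] = "Onboarding forms"
    msg.set_content(
        "Employee SSN is 512-44-7731.\n"
        "Call 610-555-0100; order 000-12-3456 shipped.\n",
        cte="base64",
    )
    return msg.as_string()

if __name__ == "__main__":
    raw = build_sample()
    print("SSN visible in raw message:", "512-44-7731" in raw)
    print("findings after decoding:", scan_outgoing(raw))
```

A mail gateway would hold or encrypt any message for which `scan_outgoing` returns findings; attachments such as PDFs or spreadsheets need their own text extraction before the same pattern can be applied.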
Software updates guarantee that applications are working with the latest security features. Hackers are known to exploit flaws in software that may exist in previous versions, providing access to corporate data. The same holds true for infrastructures with aging servers and older operating systems. While seemingly operating at sufficient capacity, older technology is prone to higher security risks as hackers understand its vulnerabilities.
Data Security Tip: Companies must pay attention to firewall/network firmware upgrades as they address security holes and other issues. Keep track of end-of-life dates for server and PC operating systems to know when the manufacturer will discontinue support or upgrades. Another option is to consider on-demand cloud technology such as Microsoft Office 365 that provides the latest version of Office applications on any device.
Nettology can help IT departments maintain the security of corporate data through technical administration and support for hosted applications such as Office 365, firewall/VPN devices, as well as firewall management between client sites and hosted cloud data centers such as Amazon Web Services and Microsoft Azure. Contact us today to discuss your data security concerns at 610-558-1730 or complete the online inquiry form.