Today is Groundhog Day in the United States. For all of us who are weary of this winter, Punxsutawney Phil did not disappoint this morning on Gobbler’s Knob. He did not see his shadow, so the tradition is that we will have an early spring. For all of us watching the snow continue to pile up, that’s a great relief, but I can’t help having a feeling of déjà vu with the snow. I hope Phil is right, but I have my doubts.
When I read the headlines about data breaches every morning I’m reminded of Bill Murray in the movie Groundhog Day, where he keeps waking up to the same day. It’s the same day to everyone else, but things change for him. This is déjà vu at its worst, but think about the constant barrage of data leaks and breaches just in the past week. I feel like I am seeing the same issues over and over and over.
Here’s a small sampling:
- 2/1/2011 – University of Iowa Hospitals disclosed data breach involving medical records
- 1/31/2011 – 28 million Plenty of Fish users’ personal details hacked
- 1/29/2011 – Birth certificates and internal council emails found in a household garbage bin
- 1/28/2011 – Thousands of customers getting new debit and credit cards after security breaches
- 1/26/2011 – North Carolina says disks containing personal information are missing
Maybe I keep waking up to the same day over and over again. It looks to me as if people and businesses are just not learning from the past. Every day there is another headline, and most of the time it's the same things. Someone gets hacked because they didn't apply a security patch to a server or database. Someone forgot to shred confidential documents before disposing of them. Someone had access to information that they shouldn't have. Someone clicked on a link in an email that installed malware on their computer.
I know that many data breaches are caused by new exploits that don’t yet have a solution, but many can be eliminated by basic precautions. Most of the time it’s a system or application vulnerability that needs to be patched or a simple matter of providing the right access controls on systems. For physical data breaches, it’s usually a matter of policy or lack of proper training.
Here are 10 basic tips to help prevent a data breach:
- Implement a firewall for your network and on each computer
- Change system defaults for passwords on all servers, applications, routers and other network appliances
- Run updated antivirus/malware/spyware software on all computers
- Keep all your computer operating systems up to date with security patches
- Install all application security patches on servers, desktops and laptops
- Only allow authorized access to computers and applications
- Keep portable devices and media in your possession or locked up at all times
- Encrypt personally identifiable information (PII) data in all databases
- Encrypt data on all portable media and devices
- Shred paper documents before disposing of them
Whether your information is on a computer, paper or some portable media, you need to take the same precautions. Don’t forget paper documents are sources of breaches.
In the movie Groundhog Day, Bill Murray learned from his daily mistakes and started making progress toward becoming a better person. It was a long, hard struggle for him, but he made incremental changes every day. Take a tip from him and start making these changes in your business. It's not hard, but it does take commitment and perseverance.