In August, Russian hackers stole 1.2 billion user name and password combinations and more than 500 million email addresses from thousands of websites. It’s unclear it this was a general trolling exercise or targeted attacks. Either way, sensitive information was compromised.
There are numerous other examples from the large to small of malicious or inadvertent data breaches throughout businesses and organizations of all types and sizes. Hackers get all the press headlines, but insiders pose as great a risk as any external party when it comes to vulnerabilities. Regardless of who you are, your information is under attack.
With the end of the year holidays approaching, now is a good time for a few tips on preventing a data breach.
- Secure sensitive customer, employee or patient data – store paper files and removable devices containing sensitive information in a locked drawer, cabinet, safe or other secure container when not in use. Only give access to those who need it to do their jobs, whether in paper or electronic form.
- Properly dispose of sensitive data – shred documents containing sensitive data prior to recycling. Remove all data from computers and electronic storage devices before disposing of them.
- Use password protection – password protect your computers, including laptops and smartphones, and access to your network and servers. Require employees to have a unique user name and a strong password that is changed at least quarterly and don’t share credentials with other users.
- Control physical access to your computers – make sure servers, desktops and laptops are locked in place when unattended. Limit network access on computers in public spaces, such as the reception area.
- Encrypt data – encryption helps protect the security and privacy of files as they are transmitted, while on the computer and in use. Encrypt all sensitive information with a data-centric security policy.
- Protect against viruses and malware – install and use antivirus and antimalware software on all of your computers. Don’t open email attachments or other downloads unless you’re sure they’re from a trusted source.
- Keep your software and operating systems up to date – install updates to security, web browser, operating system and antivirus software as soon as they are available.
- Secure access to your network – ensure your network firewall is up to date with patches. Enable your operating system’s firewall. Ensure your Wi-Fi network is password protected, secure, encrypted and hidden so that its network name or SSID can’t be picked up by the public.
- Verify the security controls of third parties – before working with third parties that have access to your data or computer systems or manage your security functions, be sure their data protection practices meet your minimum requirements and that you have the right to audit them.
- Train your employees – people are the weakest link in security, so make sure your employees understand your data protection practices and their importance. Document your policies and practices and distribute them to everyone. Review your practices regularly and update them as required. Be sure to retrain your staff as updates are made.
Photo credit Sam Churchill