As people start settling into the new year and develop plans and business priorities, one thing is certain. The lifeblood of your business is information. Controlling and protecting your information is critical.
If you look at recent news headlines, you will realize that your data is under assault from everywhere. Just before Christmas, a bogus holiday email card was supposedly sent by The White House to steal documents and other data from law enforcement, military and government workers. The email had a link in it that would download ZeuS malware. This piece of code has been around for awhile and is typically used to steal passwords for banking sites. In this case, it downloaded another program designed to steal Microsoft Word and Excel files from the recipient’s computer.
Last week, someone hacked into a database and stole names, email addresses and Vehicle Identification Numbers (VIN) of 2.2 million Honda car owners. The thieves stole an email list to welcome new Honda and Acura owners. Since the people who stole the list have people’s VINs and email addresses, they could send out fake emails to solicit additional information from car owners.
There are numerous other examples of small and large organizations targeted by criminals, hackers and disgruntled employees. All the recent news about WikiLeaks shows that even if you believe you are protected from outsiders, someone with internal access may cause you trouble. Unfortunately it’s getting easier to steal unprotected information.
One of your New Year’s resolutions should be to control and protect the information that’s critical to your business. This is different for everyone, but some common items are:
- Personally identifiable information (PII) from employees, contractors, partners and customers
- Strategic business plans
- Financial information
- Product designs and drawings
- Customer lists
I was recently talking to a gentleman who runs a small tool and die shop about what was most important to his business. He said the design specifications for his dies. He makes parts for automobile manufacturers and if his dies were stolen, he would lose his competitive edge and possibly go out of business. Fortunately his design files are encrypted so that if someone were to steal them, they couldn’t use them.
Where do you start?
Take an inventory of your critical business information and find out who can access it. Make sure only people who really need to use it are authorized to do so. Next look at how to limit a person’s access through access control lists (ACL) in your applications or operating systems. If you run an internal application, your operating system has an ACL that limits file and application access. If the application has it’s own security or you use a cloud-based application, a user login and password controls access.
Limiting access is important, but protecting your data and the contents of your documents is more important. Make sure that the information is encrypted so that if it gets stolen, it can’t be used. For documents use persistent protection that applies a security policy to control the document no matter where it is. For databases, use built-in encryption or third-party tools to lock down the data.
With all of us making resolutions at this time of year, make a critical one for your business. Take control of your information and protect that which is most important.
Photo credit Qfamily