Data breaches continue to torment organizations. There are numerous examples of malicious or inadvertent data breaches throughout businesses and organizations of all types and sizes. Hackers get all the press, but insiders pose as great a risk as any external party when it comes to vulnerabilities.
Regardless of who you are, your information is under attack.
With the start of September and most employers still focused on remote workers, now is a good time for a few tips on preventing a data breach.
- Identify sensitive data – before you can prevent a data breach, you need to know the sensitive data you collect, store, transmit, or process. Hackers and malicious insiders target non-public personal information (NPI), personally identifiable information (PII), and intellectual property, like designs, patent documents, or trade secrets.
- Encrypt sensitive data – encryption with a centralized access policy helps protect the security and privacy of files while they are transmitted, stored on your computer or in the cloud, and in use. Encrypt all sensitive information with a data-centric security policy using Advanced Encryption Standard (AES) 256-bit cryptography. Only give access to those who need it to do their jobs.
- Secure sensitive customer, employee, or patient files – store paper files containing sensitive information in a locked drawer, cabinet, safe, or another secure container when not in use. This becomes more of an issue as people continue to work from home and use local printers to print and review information.
- Properly dispose of sensitive data – shred physical documents containing sensitive data prior to recycling. Remove all data from computers and electronic storage devices before disposing of them. If the documents are encrypted, there is less potential for a data breach even if they are accidentally left on a device.
- Use password protection – password protect your computers, including laptops and smartphones, and access to your network and servers. Since so many applications are in the cloud, consider a single sign-on (SSO) and multi-factor authentication (MFA) solution to strengthen your access policies.
- Protect against viruses and malware – install and use antivirus and antimalware software on all of your computers. Don’t open email attachments or other downloads unless you’re sure they’re from a trusted source. Phishing attacks are still one of the main culprits of data breaches.
- Keep your software and operating systems up to date – install updates to security, web browser, operating system, and antivirus software as soon as they are available. Hopefully, these processes are already automated, but it’s good to check, and to automate them where possible.
- Secure access to your network – ensure your network firewall, proxy server, and other network appliances are up to date with patches. Enable your operating system’s firewall. Ensure your Wi-Fi network is password-protected, secure, encrypted, and hidden so that its network name or SSID can’t be picked up by the public. This is very important for work-from-home scenarios, even if you are using a VPN to access corporate resources.
- Verify the security controls of third parties – before working with third parties that have access to your data or computer systems or manage your security functions, be sure their data protection practices meet your minimum requirements and that you have the right to audit them. It’s best to have a vendor risk management policy in place to address these needs.
- Train your employees – people are the weakest link in security, so make sure your employees understand your data protection practices and their importance. Document your policies and practices, and distribute them to everyone. Review them regularly and update them as required. Be sure to retrain your staff as updates are made.