Data breaches are growing in both frequency and effectiveness, and a single breach can bring a firm's operations to a standstill. Breaches are often the result of vulnerable hardware and software whose security measures are weak or out of date, presenting an opportunity to attackers and ransomware. Far too often, businesses do not realize they have been breached for days or even weeks, and by then there is often nothing that can be done to repair the damage.
Most companies manage sensitive information that is highly valuable to the company and its clients. The inherent problem is that the information also holds value to criminals looking to monetize it, which makes every company a potential target. For the same reason that alarms, armed guards, and bulletproof glass are found in banks and jewelry stores (but not at fruit stands, for example), companies need to take similarly high precautions to protect their valuable data.
So how can you protect yourself and your firm’s data?
- Two-Factor Authentication. You are likely already familiar with two-factor authentication for access to things like your email, line-of-business applications, cloud services, and remote access. It requires a username and password plus one other method, such as an additional question and answer or a physical token, to confirm a user's identity. If a password is leaked, the second factor alone stands between the attacker and the protected data or system.
- At-Rest Data Encryption. Encrypting hard drives matters so that if a PC or laptop is stolen, the data on it cannot be read without the key. The physical device is essentially rendered useless to the thief.
- Password Policies. Every company should set its own password policy covering length and composition requirements, as well as how frequently passwords must be changed. Beyond that, all passwords must be stored securely, not in a notebook or in a Word or Excel file, for example.
- Secure Email. Email is the quickest path into a company's network. Phishing takes advantage of unsuspecting employees who click on malicious links that can install and spread malware. To secure a firm's email, it is vital to have strong malware and content filters for both inbound and outbound messages. To combat phishing attacks, a company should also employ sandboxing, whereby incoming attachments are held in a protected environment until it can be determined that they contain no hidden malicious code. Once deemed safe, the email is delivered to its intended recipient.
- Education. Data security is essentially a game of cat and mouse: the more secure we get, the more creative attackers become. Employees need regular training so they know what to look out for. Testing should occur several times a year to confirm that employees remain alert and to determine what additional training or retraining is needed.
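The two-factor bullet above describes the second factor only in general terms. The following is an added example, not part of the original article, showing how a common second factor actually works on the server side: a time-based one-time password (TOTP, RFC 6238) built on HOTP (RFC 4226) using only the Python standard library. The shared secret is the RFC 6238 test-vector secret, which is why the expected codes are known; in a real deployment the secret is generated per user and never reused. The `TotpVerifier` class and its replay check are this example's own design, not something the article specifies.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 test-vector secret: the ASCII bytes "12345678901234567890", base32-encoded.
# Constructed for this example; a real secret is random and per user.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    # Accept unpadded base32, as authenticator apps usually display it.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    # Dynamic truncation: low nibble of the last byte picks a 4-byte window.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, for_time: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret_b32, int(for_time // step), digits)


class TotpVerifier:
    """Server-side check of a submitted code.

    Accepts codes from `window` steps on either side of the current one to
    tolerate clock drift, and refuses to accept the same (or an earlier)
    counter twice so that an intercepted code cannot be replayed.
    """

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6,
                 window: int = 1) -> None:
        self.secret_b32 = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter: Optional[int] = None  # highest counter already used

    def verify(self, submitted: str, for_time: Optional[float] = None) -> bool:
        if for_time is None:
            for_time = time.time()
        if not (submitted.isdigit() and len(submitted) == self.digits):
            return False
        current = int(for_time // self.step)
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(hotp(self.secret_b32, candidate, self.digits),
                                   submitted):
                if self.last_counter is not None and candidate <= self.last_counter:
                    return False  # replayed or stale code
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # Codes at the RFC 6238 test times; the verifier accepts the first use
    # of a code and rejects the identical code submitted a second time.
    print(totp(DEMO_SECRET_B32, for_time=59))
    v = TotpVerifier(DEMO_SECRET_B32)
    print(v.verify(totp(DEMO_SECRET_B32, for_time=59), for_time=59))
    print(v.verify(totp(DEMO_SECRET_B32, for_time=59), for_time=59))
```

The point a practitioner should take from this: the second factor is a secret the server and the user's device share, so the server must protect that secret with the same care as a password database, and the verifier, not the user, decides how much clock drift to tolerate and whether a code may be used more than once.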
While this is not an exhaustive list, it provides a solid foundation for any company to evaluate its cybersecurity practices and ensure that its technology is configured to protect both the firm and its clients.