Cyber Security: a top business concern
Data security remains a top business concern. News of data breaches continues to make headlines. Cyber attacks are widespread, targeting American institutions, government parties and public figures. Businesses of every size must pay close attention to data security and data backup.
Data safety can be jeopardized by:
- Employee interactions
- Third-party interfaces
- Remote devices
- Outdated software
4 Data Security Threats/Safeguard Tips
1. Guard Against Internal Threats
According to PWC’s 2014 US State of Cybercrime Survey, more than one in four enterprise data security events originate with insiders such as current and former employees. Poorly trained workers, weak passwords, file sharing, unattended computers and unenforced data security policies can weaken the security of company data. In some instances, bad employee behavior results in leaked passwords and stolen files.
• Data Security Tip: Ensure that laptops have encrypted hard drives only accessible with a 2nd authentication method such as a token or fingerprint scanner. Encourage employees to use password phrases instead of simple passwords. Use different passwords for different sites (social media, email, Intranet, etc.) to reduce the chance of hackers getting access to everything at once. Change passwords often as part of company protocol.
All systems should have methods to implement password complexity and forced changes.
2. Strengthen Vendor Interfaces
Many companies use application programming interfaces (APIs) to move information between their and vendor programs. This expedites processes by eliminating duplicate work. However, depending on the size of a company, hundreds of vendors could be operating within a corporate system, posing potential threats to data confidentiality and integrity. Unfortunately, many businesses do not address third-party data security. According to a 2016 Ponemon Institute report on third party data risk, many IT and data security professionals find it difficult to manage cybersecurity incidents involving multiple vendors.
• Data Security Tip: Ensure that all vendors review and sign a corporate data security policy that requires notification of any breaches involving your data. Encrypted email and multi-factor authentication should be used wherever possible.
Third party software that provides access to corporate data should have additional security mechanisms.
3. Create BYOD Policies
With the growing trend of Bring Your Own Device (BYOD), employees are using their own mobile technology in the office, at home and while traveling to access corporate data. While potentially increasing productivity by enabling employees to maintain constant connectivity to the office, the use of various mobile devices not owned by the company poses challenges regarding unauthorized access to corporate data, uploading viruses and losing information. Some of the most popular mobile devices such as smartphones and tablets are prone to attacks by hackers as employees connect to external Wi-Fi spots without properly security protocols. A lost or stolen device connected to a corporate network also can spell disaster.
• Data Security Tip: Companies supporting BYOD should have policies that outline protocols for workers to access data remotely and incorporate mobile management platforms that ensure devices are securely encrypted and can be remotely wiped if lost or stolen. Parsing outgoing emails for private information such as social security numbers or Private Healthcare Information (PHI) is an added step companies can take to mitigate risk. Locking out external devices such as USB drives is another popular option.
4. Update Software
Software updates guarantee that applications are working with the latest security features. Cyber criminals are known to exploit flaws in software that may exist in previous versions, providing access to corporate data. The same holds true to infrastructures with aging servers and older operating systems. While seemingly operating at sufficient capacity, older technology is prone to higher security risks as hackers understand their vulnerabilities.
• Data Security Tip: Companies must pay attention to firewall\network firmware upgrades as they address security holes and other issues. Keep track of server and PC operating systems end of life to know when support or upgrades will discontinue from the manufacturer. Another option is considering on-demand cloud technology such as Microsoft Office 365 that provides the latest version of Office applications on any device.
Need expert advice and state-of-the-art cyber security protection? Give Nettology a call.
Nettology can help business with — or without IT departments — improve their data security management. We offer technical implementation and administration. We also offer support for hosted applications such as Office 365, firewall/VPN devices, as well as firewall management between client sites and hosted cloud data centers such as Amazon Web Services and Microsoft Azure.
Contact us today to discuss your data security concerns at 610-558-1730 or complete the online inquiry form.