Data breaches continue to impact businesses long after they’ve occurred. It’s been a year since Home Depot’s data bank was hacked, and their stock is still hovering around $100.00 per share, way below where the current market price should be.
Business owners and managers now take it for granted that their company’s data is going to be under attack. And it’s not just the big companies that are being targeted. Small and medium-sized companies actually make up the most attractive target for hackers.
Use these tools to insure your data stays where it belongs:
Be aware of the enemy within
Outside hackers are not the only ones who want your data. A disgruntled worker, with a score to settle, may be the culprit. Or a careless employee, ignoring protocols, may leave sensitive files vulnerable to attack. Either way, the accounts and mobile devices of employees and business partners must be under constant scrutiny. As long ago as 2001, law enforcement agencies estimated that over 60% of computer security breaches were caused by employees, not outsiders.
This may sound like a Robert Ludlum novel, but...
The public may never know the real story behind the infamous Sony hack last year. Were government agents involved, and if so – which government? The point is to make sure your company stays on the right side of every government agency that you do business with.
Also realize that certain governments make it a habit to block certain ISPs so their citizens can’t access them – and you may not be able to access them either. To get around that while avoiding annoying any particular government agency, use a third-party unblocking service like Smart DNS Proxy.
Change passwords as often as you change your...
Oil in your car. Socks. Satellite channels. Basically, don’t let your password(s) get stale – and don’t use them across the board for every service. Strong password management is crucial to preventing a data breach. The experts say that you should change passwords on important accounts at least every 90 days. You can download a free password management tool at LastPass.
Do your homework when hiring services to incorporate into your business workflow. Use only services recommended by security experts and professional associations. This is one area where the lowest price is not the best bargain for your company; if their protocols are not up to the mark, you could get heartburn from another Heartbleed.
Firewalls and anti-virus protection are still important, but...
The latest predictions for 2015 indicate that automatic firewalls are not as effective as they used to be. They need to be augmented by human intervention. The lesson here is that even the best tools in the fight against malware and hacking needs to be reviewed, updated, and possibly replaced at scheduled intervals. Last year’s firewall could be this year’s Achilles heel.
Initiate a security audit
Especially when your company keeps sensitive personal, medical and financial records, you should hire a professional to initiate a thorough-going security audit. In as much detail as possible.
To encrypt or not to encrypt?
This would seem to be a no-brainer. Of course you want to encrypt your data to make it unintelligible to hackers! But it’s not that simple. For example, if encrypted data becomes corrupted it can be nearly impossible to retrieve, unlike unencrypted data. Follow the best practices of your particular industry when deciding whether or not to encrypt any part of your data base. Find out what your competitors are doing about it, and follow their lead.
Use an online backup service
PC Magazine has just come out with a list of the top backup services for 2015. Should a black hat get into your data and not only steal it but destroy it, you’ll be thankful to have it all backed up in the cloud. Among the benefits of professional online backup are convenience, safety, ease of recovery and affordability.
Hold on to your employees
When an employee leaves it can cost up to one-fifth of their salary to replace them. And a significant part of that cost can involve resetting security protocols to remove their passwords and authority to access data. Any company with a high turnover rate is at a higher risk of incurring a cyber attack, either from a former employee or from an outside hacker who is just waiting to get at an abandoned or vulnerable password.
If for no other reason than to decrease the risk to your data base, see what you can do about lessening the flight of employees. And, although it may sound heartless, insist that all departing employees be thoroughly debriefed and give up all their passwords and company files before they physically leave the building for the last time, and, if possible, receive their final paycheck.