4 – 5 minutes
In recent years, technological advancements are actually moving faster than IT can keep up, which ultimately increases potential vulnerabilities. The costs of breaches are steadily rising, and as new legislation and compliance mandates are put into place, the penalties for noncompliance are increasing as well.
The IT landscape is evolving before our very eyes as a direct result of a full-on digital economy. Big data, the cloud, social media and mobile have all accelerated the pace of business like many have never experienced. We see the Internet of Things (IoT) exploding and expanding at a prolific pace, with the market expected to reach $1.7 trillion by 2020 — with advanced robotics, automation and artificial intelligence (AI) quickly adding to this rich mix.
The downside to all this evolution? Regulations for governing all this growth haven’t really caught up. The C-suite is on edge and the discussions in the boardroom have turned to questioning IT practices and policies for everything from encryption to data security, network security and endpoint protection. The bottom line is that it’s critical to remain vigilant as data breaches become a daily threat.
Though not 100 percent fail-proof, the following data security tips boast the ability to reduce vulnerabilities, increase data protection and improve the ability to respond and recover should your business’ operations become the victim of cybercrime.
Each of a business’ computers should be equipped with antivirus software, antispyware and updated regularly. Software vendors regularly provide patches and updates to their releases to correct security problems and improve functionality.
Internet connections should be safeguarded via the use of a firewall and information encryption — your Wi-Fi network should also be hidden and secure. To hide a Wi-Fi network, a wireless access point or router should be set up so it does not broadcast the network name, otherwise known as the Service Set Identifier (SSID).
Establishing policies regarding how employees should handle and protect personally identifiable information and other sensitive data is a good practice, as is clearly outlining the consequences of violating the business’ cybersecurity policies.
It’s important to educate employees about online threats and how to protect business data — including safe use of social networking sites — and they should be held accountable for the business’ Internet security policies and procedures.
Depending on the nature of a business, employees might be divulging sensitive details about the company’s internal business to a competitor. For this reason alone, employees should be made aware of how to post online in a way that does not expose any trade secrets to the public or to competing organizations.
While myriad ways to break into systems exist, stolen passwords still present one of the biggest threats.
Your company should consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Further, policies should mandate changes to hard-coded and default passwords that pose a great risk, especially with IoT devices.
If your business uses a card payment system for most customer transactions, this can unfortunately represent a virtual portal into cybercrime. Your company should work with its bank or card processors to ensure the most trusted and validated tools and anti-fraud measures are in place.
Your company may also have additional security obligations related to agreements with a bank or processor. Good practices include isolating payment systems from other less secure programs and not using the same computer to process payments and surf the internet.
Companies should always regularly backup data on all computers, with critical data including all of the following:
Data should be backed-up automatically, if possible, or at least on a weekly basis, and copies should be stored either off-site or in the cloud.
Access or use of business computers by unauthorized individuals should always be prevented, with laptops being particular targets for theft or loss (so it’s best to lock them up when not in use).
It’s also a good idea to create a separate user account for each employee — all of which require strong passwords. Administrative privileges should only be trusted to IT staff and key personnel.
Mobile devices can create significant security and management challenges, especially if they possess confidential information or can access the corporate network.
For this reason, it’s important to require users to password-protect their devices, encrypt their data and install security apps to prevent criminals from stealing information while the phone is on public networks.
Because all of the aforementioned security tips can be difficult to manage alone, we offer the option to handle a company’s cybersecurity tactics through a comprehensive set of services that deliver real results.
We assist businesses of all industries and sizes with:
Call us today to learn more about our steadfast commitment to powerful data security in an increasingly insecure world.