How to Protect Against Data Breaches in 2019
The list of companies suffering data breaches is surprising, especially when many are sizeable companies with plenty of data security resources. Within the past year alone, we’ve seen breaches at businesses such as Dunkin’, Quora, Marriott, Facebook, and T-Mobile, just to name a few. If these dynamic companies are facing issues in security, how can there be hope for small and mid-sized businesses? Fortunately, we’ve got some steps to help keep you secure, regardless of size or budget.
1. Maintain Security Software
Let your IT team do their thing and keep your computer protected with firewalls, anti-spyware software, anti-virus software, etc. When you’re reminded of an update, don’t ignore it or hit “not now” because that often means there is a security gap or vulnerability being fixed. Security isn’t always convenient, but it’s necessary for data protection. Read this list by Norton on why software updates and patches are important.
2. Encrypt Your Data
Any data at rest or in motion should be encrypted. This translates your data into another form that can only be deciphered with the correct code, ensuring your data isn’t easily visible to anyone that shouldn’t have it. If you organization permits portable storage devices, ensure these are encrypted so when lost or stolen, the data will remain safe.
3.Only Keep the Data That You Need
Keep track of the data you store, and where its located. If the data isn’t something your company needs, or it isn’t something you’re required by law to keep for a period of time, delete it. This isn’t so much as a protection, but data that doesn’t exist can’t be stolen. In instances where you see companies receiving fines per contact leaked, you’ll be grateful you kept your PII to a minimum. Remember, GDPR requires you minimize your stored data by mandating you delete any PII that isn’t “adequate, relevant and limited to what is necessary.”
4. Separate Old Data
For the hoarders among us who can’t bear the thought of deleting data, at least separate it for extra protection. Using air-gapped computers or networks to store data is a great way to protect against breaches. To move data to the air-gapped system, you would have to do so physically, such as with a flash drive. The disabled wireless interface reduces risk to physical attacks, helping prevent malware from outside attacks.
5. Safeguard Your Data
Both physical and cyber private data should have restricted access that is only granted to employees whose jobs require it. Furthermore, there should be an activity log that shows who accessed what data and when, for accountability purposes. Take extra precautions to prevent data getting to those who don’t need it such as wiping flash drives and setting copiers to instantly delete what they’ve scanned.
6. Train Your Employees on Policy
It’s often said that humans are both the strongest and weakest components of security. To reduce the number of weak links in your company, provide security awareness training and set policies that enforce proper security behavior. A 2018 report by Shred-it shows that over 40% of businesses reported human error or negligence was the cause of a data breach. Simply giving rules doesn’t help, employees need to know how data breaches occur and how their actions impact security.
None of these steps require an unheard of amount of effort or a very large security budget. In our experience with adjusting the behavior of customers to improve cyber security, it’s often just a struggle to change bad habits. These habits are often seen as quicker and make tasks easier, so it’s crucial for companies to explain to their employees how vital their actions are and provide necessary policy and security training.
To see how we can help you protect against breaches, take a free trial of our CyberWatch platform and schedule a free consultation with our security experts.
Subscribe for our latest posts
Recent Posts
- Top 4 Compliance Challenges in the Energy and Utilities Sector in 2024
- Ultimate Guide to Compliance & Risk Management for Utilities Companies
- What Type of Businesses Need to Comply with PCI DSS?
- How to Use Automated Assessment Software to Manage and Meet Your Security and Compliance Requirements
- Oil and Gas Risk Management