10 Data Security Tips to Minimize Business Disruption
Your business is built on the quality of your data—protecting it is integral to business success. Cybersecurity threats increase every year, with 2020 noted as one of the worst ever. Business resiliency depends on your ability to not only mitigate the risks of cybersecurity threats but also have strong measures in place to minimize business disruption if an attack occurs. We’ll cover some tips to protect yourself against threats and finish up with some crucial steps to take now to prevent disaster if the unthinkable happens.
Protection Tip #1: A strong firewall won’t keep everything out, but it’s a crucial start to protecting your company’s data. The same goes for ensuring all company computers have effective security and anti-spam software. In addition, make sure you’re using your router’s highest encryption setting and that the broadcasting function is off. It’s hard to hack what’s hard to find, and cybercriminals are more likely to target low-hanging fruit.
Protection Tip #2: Passwords are an easy target for cybercriminals. Ensure your employees are required to keep passwords long and strong—mixing upper- and lowercase letters with numbers and symbols. Enforce mandatory password resets and restrict the reuse of previous passwords. Consider incorporating password training into your onboarding process and as part of ongoing training for your staff. Want to do the extra credit? Invest in electronic password manager programs for your employees—it will encourage them to use more complex and random passwords (because they don’t have to remember them) and discourage them from leaving their passwords lying around on post-it notes.
Protection Tip #3: Sensible data access policies are a necessity! Not everyone in your organization needs access to every piece of sensitive data. Implement thoughtful and logical tiered classification policies for your data that lay out exactly how different types of data should be handled and by whom. And don’t forget to always remove data access for former employees!
Protection Tip #4: Remote work is today’s reality. When employees are working from their own devices, the possibility of a data breach increases. Does your company have a Bring-Your-Own-Device (BYOD) policy? If not, build a policy that clearly designates what data can and cannot be accessed by or copied to a personal device. In addition, if employees want to use their own devices, make sure those devices have the same security standards that you require on all internal devices. That policy should also cover removable storage devices—like USB drives. Want to go a step further? Require that all data copied to personal devices and removable storage devices be encrypted.
Protection Tip #5: Training, training, training. Include cybersecurity in all employee training—starting with onboarding. Along with teaching your employees the policies you’ve put in place to keep your data secure, educate them about the methods that cybercriminals use and what to look out for when it comes to suspicious emails or files. Make sure your employees internalize that keeping data secure is everyone’s responsibility.
Protection Tip #6: Monitor what’s happening on your company computers and use the Principle of Least Privilege. The most common ways malware and ransomware are introduced to a network are the installation of unauthorized software on a computer and someone with Administrator credentials accessing a suspicious website. Ensure that only those who need Administrator privileges have them.
Recovery Tip #1: One of the greatest business disruptions caused by cybercrime is the loss of data. Some companies never fully recover from a substantial data loss. Data back-up is integral to your business resiliency, ensuring that you can still access a copy of all sensitive and necessary data after a breach.
Recovery Tip #2: Invest in software that constantly monitors your network and searches for anomalies. The best indicator of successful recovery from a data breach is the swiftness with which it is discovered. A significant investment in comprehensive software to detect and diagnose problems will keep damages as small as possible.
Recovery Tip #3: Whenever possible, enable remote location and device-wiping. If a tablet, laptop, or phone with sensitive information does get lost or stolen, a tracking app can assist with recovery and, if it can’t be recovered, the ability to wipe the device remotely will minimize external access to any data.
Your Business Disaster Recovery plan should always include cybercrime. Cyberattacks can be expensive—in time, money, data, and reputation. Spending some time and money upfront to prevent attacks and make sure you’re set up to recover quickly, with as little disruption to business as possible, is worth it.