Protect Your Business Sensitive Data
Data breaches are nothing new. Two years ago, the Office of Personnel Management, a U.S. governmental agency, exposed the personal data of contractors and employees. Last week, up to 14 million Verizon subscriber records (including name, cell phone number, and secure PIN) were revealed. After every major cyber attack or breach, companies and consumers ask: How can organizations protect sensitive data?
Much of data security has to do with implementing company-wide practices that safeguard corporate, employee, and customer data. With this in mind, we’ve compiled a few recommendations in the wake of the most recent Verizon breach:
- Education: An ounce of prevention is worth a pound of cure. By educating employees regularly on good cybersecurity practices, you’re adding an invaluable line of defense against breaches. We recommend training employees what information can be shared according to with industry regulations (like HIPAA), how to create strong passwords and use multi-factor authentication, as well as hardware security, like protecting cellphones and laptops with unique passcodes. Another key piece of education? Recognizing phishing and CEO fraud emails, which can ensure employees don’t inadvertently expose data or transfer funds based on fraudulent emails.
- Manage Permissions: The best policy when it comes to permissions is to grant the minimum access required to perform a job. Contractors, for example, should be given access only to data and systems that are critical for their specific role. Regular audits of granted roles and permissions should be performed, and when an employee leaves, ensure access is revoked quickly and all data removed from their devices, particularly if your organization has a BYOD policy.
- Monitor, Monitor, Monitor: Keeping an eye on usage and alerts can help you see if any unusual activity may be taking place. Do you have monitoring tools that allow you to manage and monitor cloud usage and alerts in one place? If not, consider a platform like BetterClouds to help you manage your environments.
- Patch Early and Often: Ensure that your software and systems have the latest security patches available—and, where possible, push critical software updates to company-owned employee devices. This protects against exploitative attacks like WannaCry ransomware, which took advantage of a software vulnerability that had been patched several months before (but users who did not have the current patch were left open to attack).
With these recommendations, your company should be safer from breaches, but it’s important to understand that no organization is immune. Always be prepared for the worst case scenario—be sure to have a disaster recovery and business continuity plan in the event of a data breach.
Want to share your thoughts on this topic with us? Comment below or Tweet at us: @doublehorn.