When managing your network, developing an app, or even organizing paper files, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may change over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlines in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents.
Here are a few items you should consider; each has been the cause of many incidents in the past:
1. Phishing Scams
Phishing emails mimic messages from someone you know or a business that you trust. They are designed to trick people into giving up personal information or clicking on a malicious link that downloads malware. Thousands of phishing attacks are launched every day.
2. Control Access to Data Sensibly
Once you’ve decided you have a legitimate business need to hold on to sensitive data, take reasonable steps to keep it secure. Not everyone on your staff needs unrestricted access to your network and the information stored on it. For your network, consider steps such as separate user accounts to limit access to the places where personal data is stored, or to control who can use specific databases. For paper files, external drives, disks, etc., an access control could be as simple as a locked file cabinet. Administrative access, which allows a user to make system-wide changes, should be limited to the employees tasked with that job.
3. Store Passwords Securely
Don’t make it easy for interlopers to access passwords. Three of the FTC’s settlements in this area have alleged that:
- A company stored network user credentials in clear, readable text, which helped a hacker access customer credit card information on the network;
- A business allowed customers to store user credentials in a vulnerable format in cookies on their computers;
- A company failed to establish policies that prohibited employees from storing administrative passwords in plain text in personal email accounts.
4. Protect Your Network
After training your employees, securing your network is a critical component in protecting yourself from a data breach.
Work with your Managed IT Services provider to protect your network with encrypted communication, VPNs, firewalls, vulnerability scans, penetration testing, and more.
Cleaning up attacks from hackers, malware, and viruses is almost always more costly than preventative maintenance.
5. Guard Against Brute Force Attacks
Remember that adage about an infinite number of monkeys at an infinite number of typewriters? Hackers use automated programs that perform a similar function. These brute force attacks work by trying endless combinations of characters until they hit on someone’s password. Implementing a policy to suspend or disable accounts after repeated login attempts may help to eliminate the risk of brute force attacks.
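As an added example, not code from the original post or the FTC guide, the small Python credential store below illustrates items 3 and 5 together: passwords are kept only as salted PBKDF2 hashes rather than in plain text, and an account is temporarily locked after repeated failed logins. The threshold (5 attempts) and lockout duration (15 minutes) are assumed values chosen for the example, not policy from the page.

```python
import hashlib
import hmac
import os
import time

MAX_FAILED_ATTEMPTS = 5   # assumed policy value: lock after this many failures
LOCKOUT_SECONDS = 15 * 60  # assumed policy value: 15-minute lockout
PBKDF2_ITERATIONS = 100_000


class CredentialStore:
    """Keeps salted password hashes plus a per-account failure counter.

    The plaintext password is never stored, so a copy of the store does not
    hand an attacker working credentials the way a clear-text file would.
    """

    def __init__(self):
        self._accounts = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def add_user(self, username, password):
        salt = os.urandom(16)  # fresh random salt per account
        self._accounts[username] = {
            "salt": salt, "hash": self._hash(password, salt),
            "failed": 0, "locked_until": 0.0,
        }

    def is_locked(self, username, now=None):
        now = time.time() if now is None else now
        acct = self._accounts.get(username)
        return acct is not None and now < acct["locked_until"]

    def authenticate(self, username, password, now=None):
        now = time.time() if now is None else now
        acct = self._accounts.get(username)
        if acct is None:
            self._hash(password, b"\x00" * 16)  # same cost for unknown users
            return False
        if now < acct["locked_until"]:
            return False  # locked: reject even a correct password until expiry
        if hmac.compare_digest(self._hash(password, acct["salt"]), acct["hash"]):
            acct["failed"] = 0  # constant-time compare; reset counter on success
            return True
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["locked_until"] = now + LOCKOUT_SECONDS
            acct["failed"] = 0
        return False
```

The `now` parameter exists so the lockout window can be exercised deterministically; in production it defaults to the wall clock.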
Implementing these measures will help defend your systems from data theft, but you must stay ever-vigilant. Every day, criminals are finding new ways to attack our systems, so you must keep improving your defenses to stay ahead of them.