Minimize Internal Threats to Data Security

In today’s digital era, it is hard to protect against all threats, but you can reduce your risk by following some simple steps. According to the Identity Theft Resource Center (ITRC), in 2014 hacking made up 29% of all data breaches, while accidental exposure and lost or stolen laptops or mobile devices accounted for 11.5% and 7.9%, respectively.

The best way to protect your data is to have written policies that are enforced by management. In fact, a Written Information Security Plan (WISP) is required for all companies here in Massachusetts and is good business practice in all states (most states require some type of written plan). Some helpful tips include:

  • Establish good physical security for all servers and data backups.
  • Get management involved in network security and integrate their concerns into the hiring process.
  • Hold training sessions with employees explaining your data security procedures and policies.
  • Forbid bypassing security checkpoints like firewalls or remote access servers.
  • Audit your systems and procedures periodically to make sure that you are keeping up with technology.
  • Maintain the newest operating systems and updates as well as virus protection software to prevent outside intrusion.

 Konrad Martin, President and CEO – TECH Advisors Inc., shares his advice on three additional areas of data security.

  • SHREDDING: Along with a good written plan, also make sure that all sensitive documents are being properly disposed of by either doing it yourself with a paper shredder or having a specialized company do it for you.
  • LAPTOPS: Another main cause of data breaches is lost or stolen laptops and mobile devices that were not properly encrypted. Make sure that any device with client data that leaves the office is encrypted to protect the data from intruders.
  • EMAILS: One vulnerability that is often overlooked is user error. You see, the emails that we get that are SPAM are created to look like legitimate emails. However, if you take the time to read all the verbiage on those emails, you will usually find that they contain improper use of grammar. This is usually a red flag. So before you click on something that appears to come from Microsoft or your bank, be sure to read the entire email. “The devil is in the details”!

If you have questions or concerns about your network safety or policies, contact your IT company for help with implementing new policies and network features or changing existing ones.

 Written by David Espanet.

 

References:

http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html

http://www.computerworld.com/article/2571331/security0/how-to-defend-against-internal-security-threats.html

http://ww2.cfo.com/data-security/2015/05/6-ways-combat-internal-threats-data-security/