The Importance of Business Data Safety: Part Two: 10 Tips on How to Protect Your Company’s Vital Business Data
As we explained in part one, data is the lifeblood of your business, and it’s important to keep that data safe and secure for the sake of your company and your clients. We’ve already discussed the risks facing companies large and small that can threaten their data security in our last article, but what can you do about those risks? How can you make your data networks safer? If your company’s New Year’s Resolution is to improve your data network security, read on for tips and important steps to take that will help you safeguard your valuable information.
#1. Encryption, Encryption, Encryption
A critical step in any initiative to secure your company’s data should be encryption. By encrypting your data, you’re essentially scrambling it so that it becomes useless without the password (or passphrase) to decrypt it. With encryption, even if the files are stolen or duplicated, it’s a lot harder to compromise the data, since it is a jumbled mess without the decryption code. The best part, you don’t need to be a computer genius to implement encryption. There are all kinds of programs and tools available to encrypt and decrypt data. That’s why we recommend encrypting everything. It is easier to encrypt full disks as opposed to a few select files, and it’s safer, too. Plus, you should encrypt more than just your desktop computer. Laptops, tablets, smartphones, USBs, e-mails, and anywhere else you digitally store valuable business data should be secured through encryption.
#2. Back Up Everything
Data breaches don’t always entail duplicated, stolen data. If a device is stolen or if your network crashes, you could lose all your data, and your business runs on that information. That’s why it is crucial that you have backup protocols for all business data. Of course, this should all be encrypted, too, if possible.
#3. Consider the Cloud
Keeping all of your data, or at least backups of it, in the cloud may seem a little unnerving. However, if you are careful in the selection of your cloud provider, it may be a lot more secure than keeping it on site, and there are some significant benefits to using cloud computing for business. Some cloud service providers offer intense security measures, including ones that encrypt your data for you. In some cases, the layers of security can be so specific that the service will only decrypt files when accessed by certain individuals with certain passwords with certain IP addresses. Of course, you shouldn’t trust a single person to manage your cloud security. Always have at least one additional employee in place who is knowledgeable about these security protocols, and make sure that if either person leaves, their access can be blocked immediately.
#4. Practice Safe Tech Disposal
Would you throw your credit card or banking statements in the trash? You shouldn’t! Thieves can easily rummage through trash to find information that could compromise your financial and personal security. That’s why you should shred or incinerate (or both) these sorts of documents. The same concept applies to digital data. If you just throw away a hard drive as is, it could be stolen and the information on it could be used to harm your company or your clients.
To prevent this, make sure you overwrite deleted files, making them harder to retrieve than simply deleting them. Remove any old, unneeded files from your system, preventing more data from being at risk than absolutely must be. Delete any old files from cloud backups as well. If you are getting rid of a hard drive, make it as unreadable as possible. To do this, you could run a magnet over it, wipe the disk clean (multiple times) with software, use disk shredding, or (most effectively) completely destroy the physical hard drive.
#5. Create a Data Fortress
Scammers and hackers are sneaky and clever. Sometimes, they use a brute force cyberattack. Sometimes, they sneak in through a backdoor in your operating system or security. They also can send malware through seemingly legitimate links and e-mails to steal information from your computer, or they might hack into your webcam or microphone to try to determine passwords or glean other information. So, you need to make your devices and your business data network into a data fortress. To do this:
- Use Firewalls: Firewalls are great for blocking outside, malicious programs from infiltrating your devices and gaining access to your data. It’s best to use hardware-based firewalls, as these add an extra layer of security compared to software-based ones. However, software-based firewalls are also available for mobile devices.
- Maintain Up-to-Date Anti-Malware and Antivirus Programs: Keep a current antivirus and anti-malware running on all of your business’ devices, even smartphones and tablets. Mandate periodic scans on every computer to ensure security.
- Use a U2F Key or Other Two-Factor Authentication: Whether it is a passcode sent to a separate device or a physical device (called a U2F Key), make sure that there is a second factor for authenticating access. A password isn’t always secure enough on its own. If a user needs a second passcode or to keep a device inserted in the device in order to use it, it is a less likely that the data stored will fall into the wrong hands.
- Disconnect or Block Webcams and Microphones: Put a sticker over your webcam if it is built into the device (like on a laptop) or disconnect it from the computer if it is a separate device. You should also block or disconnect your microphone as well, if possible, as hackers could turn on and access both of these devices without your knowledge.
#6. Don’t Ignore Updates
We understand that operating system and antivirus updates are time-consuming and can sometimes slow a system down while in progress. However, they are more important than you think. In many cases, these updates include patches that can fill holes in the security and effectiveness of the system, close back doors, and otherwise improve security. By ignoring updates, you could be leaving your system exposed to well-known weaknesses in cybersecurity.
#7. Mobile Data Safety is a Must
With more and more businesses enacting BYOD policies or requiring employees to utilize business smartphones or tablets, mobile business data security is becoming a larger concern. If one of those devices gets stolen or compromised, it could be just as bad as if it happened to a desktop at the office. To ensure mobile safety:
- Enable remote location and device wiping in case the device gets stolen or lost.
- Review all privacy settings on phones and in any on-device applications.
- Set all devices to lock after a short period of inactivity.
- Secure all mobile devices with passcodes.
- Back up data on mobile devices.
- Install mobile anti-virus and anti-malware software.
#8. Password Protect and Protect Your Passwords!
Though you do want to use two-factor authentication wherever possible, selecting strong passwords and adhering to password best practices is still crucial to your data security (and you should make sure your employees adhere to them, too!). Make sure you use passphrases instead of passwords (and use a combination of letters, numbers, and symbols). Do not use the same password on more than one account, and do not save your passwords in browsers. There are some secure password management software programs that could be utilized to generate and remember passwords, though. However, you should certainly avoid writing down your passwords or storing them in a document, spreadsheet, or another unsecured program. Finally, make sure that your employees not only follow these practices but that you also have a protocol in place to quickly revoke access authorization in the case of a dismissal or other issue.
#9. Educate Your Employees on Data Security Best Practices
Employee negligence is a major risk to your business data security, but you can mitigate this risk by educating them on data security best practices. Run seminars or send out security information and quizzes on a regular basis in order to ensure that your employees know how to properly maintain the security and integrity of your company’s data. Ensure that they know to turn off a computer when it is not in use, not to trust links that come from unverified sources (and to manually type trusted links in rather than just clicking on them), to avoid using a computer as an admin unless needed, to sign out of accounts they are not using, and not to store passwords on post-its, notes, or anywhere on the computer itself.
#10. Have a Strong IT Infrastructure
Your hardware and software work in concert to keep your business data network running properly and securely. At C1C, we know the importance of installing and upgrading a secure network infrastructure to minimize the risk of digital breaches. If you need to install, upgrade, or even just evaluate your data network, call in the experts. We have years of experience and knowledge to set up a strong IT infrastructure for your company. For a free consultation, call 855-TECH-C1C (855-832-4212) or contact us online and we’ll be happy to help you.