888.678.7282    Get SUPPORT

Strata Information Technology Blog

How to Avoid Becoming the Next Data Security Cautionary Tale

How to Avoid Becoming the Next Data Security Cautionary Tale

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The Equifax Problem
Sometime between May and July of 2017, the credit-reporting giant Equifax suffered a massive data breach that, as of this writing, exposed 148.1 million records containing the personally identifiable information of their customers. In other words, this breach exposed the data of almost half of the population of the United States of America.

In the aftermath of the Equifax data breach scandal, former CEO Richard Smith was cross-examined by Congress. Upon hearing Smith’s defense of “human and technology errors,” Chairman of the House energy and commerce committee Greg Walden quipped, “I don’t think that we can pass a law that fixes stupid.”

How to Fix Your Business’ Security
While Walden may be correct that stupid can’t be fixed by legislation, it may be able to be mitigated through the faithful enforcement of certain standards and practices. These standards should be enforced both on an organizational level, and on a case-by-case, personal basis.

First, let’s review what you should enforce in your organization:

  1. Compliance should be the baseline - Unfortunately, compliance with regulations often does not equal true data security. Instead of looking at compliance as being the ultimate goal for your business, consider it the first step to your business security strategy.
  2. Vulnerabilities need to be promptly remediated - It is astounding that so many exploits rely on known vulnerabilities… a full 99 percent of them. Furthermore, other attack vectors often utilize vulnerabilities that are a half a year old at least. Patching these vulnerabilities as soon as possible will help cut down on threats to your business’ data and infrastructure.
  3. Data security needs to be centralized, organized, and assigned - While security should be a shared responsibility throughout the company, there needs to also be someone taking lead and accepting responsibility for ensuring that data is properly distributed in a secure fashion. Part of this responsibility should be to implement access controls, ensuring that the data only can spread to whomever it needs to and no one else.

Encouraging Your Employees’ Security
Of course, your employees are largely in control of how secure your company remains. This could be a bad thing, unless they are also held to certain best practices that keep data, and the accounts that can access it, secure. There are a few basic rules you can enforce among your staff to help encourage them to act securely.

  1. Lazy credential habits - There are a variety of behaviors to adopt that can better protect the accounts and solutions that your employees have. First of all, the classic password problem: reusing the same password for every account. If one or more of your employees does this, each one is essentially creating a master key that someone could use to access everything in their life, including your data. Neglecting to set a passcode of some sort for a mobile device can cause the same issue. An effective way to remedy this kind of behavior is to utilize a password management system. That way, your employee can reduce the number of passwords they have to remember, without sacrificing security.
  2. Oversharing - While you can’t necessarily control what your employees do in their off-hours, you should reinforce how easily a cybercriminal could piece together their passwords through some examination of their social media, especially if they subscribe to the lazy credential habits we just reviewed. See if they’ll avoid sharing personal anecdotes or information without first restricting the audience that can see that particular post. At the very least, they should have their social media accounts set so that only their approved friends can see their content. Furthermore, do your best to avoid oversharing from the office. Images can easily show confidential information if you aren’t careful, by accidentally capturing an invoice or your customer relationship management solution pulled up on a screen in the picture. Review what you are about to post before taking the image and before you share it online.
  3. Using the wrong Wi-Fi - While public Wi-Fi connections may be convenient, you should remind your employees that this convenience comes at a price: the security of public Wi-Fi is suspect at best. They should be warned against doing anything especially important over a public Wi-Fi signal, like banking or checking their email.

Data security is a critically important consideration, in part because there are so many ways that it can be undermined. We have some solutions to offer that can help keep your business secure (despite what may sometimes seem to be your employees’ best efforts). Reach out to Strata Information Technology at 888.678.7282 today!

Tip of the Week: Working with Your Router for Bett...
Defining “Cyberterrorism” is Easier Than It Sounds
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, May 24 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Business Computing Best Practices Managed IT Services Privacy Network Security Cloud Malware Internet Hackers User Tips Microsoft Communications Data Productivity Efficiency Communication Business Management Cybersecurity Outsourced IT IT Support Business Smartphones Hardware Windows 10 Ransomware Passwords Tech Term Software Backup VoIP Email Google Innovation Social Media Mobile Device IT Services Network Small Business Users Productivity Alert Smartphone Data Backup Apps Bandwidth Browser Data Recovery Collaboration Holiday Phishing Microsoft Office Save Money Miscellaneous Hosted Solutions Cloud Computing Vulnerability Data Breach Mobile Devices Computer Android Access Control Workplace Tips App Internet of Things Twitter Business Continuity Office 365 Saving Money Networking Wireless Patch Management Law Enforcement Mobile Device Management Workers Office Net Neutrality Settings Personal Information Wi-Fi Excel BDR Company Culture Politics Chrome Employer-Employee Relationship Remote Monitoring Scam Blockchain Cybercrime Gadgets Government Applications Facebook Compliance Managing Stress Maintenance Password Spam Antivirus Information Healthcare Retail Managed Service Value BYOD Data Security Connectivity Managed IT Service Automation Medical IT Dark Web Education SaaS Virus Marketing Telephony Vendor Management Word Windows Virtual Assistant Remote Monitoring and Management Computers How To Paperless Office Website Entertainment Voice over Internet Protocol Recovery Upgrade WiFi Cortana Error Human Resources Physical Security Digital Help Desk Internet Explorer Cleaning Printers Vulnerabilities A.I. Current Events Shortcut Router Content Filtering Unified Threat Management Outlook disposal Leadership Access HIPAA Regulation Tablet Troubleshooting Inventory Hard Disk Drive Live Streaming Managed Service Provider Cost Management IT Management Sports Telephone Systems Data Protection Touchscreen Dongle Employee-Employer Relationship Files Managed IT Edge Certification Threat Computer Care Reporting Cryptocurrency Movies CrashOverride Two-factor Authentication Gmail Botnet VPN Spyware Remote Support Hard Drive Hiring/Firing Employer Employee Relationship Knowledge VoIPMyths Video Amazon Disaster Recovery WhatsApp Wireless Charging Plug-In Tech Terms Remote Control Battery Data Management Microsoft Office 365 Electronic Health Records Bring Your Own Device Encryption Mobility Gaming Console Automobile Data loss Tech Support HP Profitability Analytics Processors Phone System Comparison Synergy VoIPSavings Safety Lead Generation Proactive IT E-Commerce Streaming Media Scalability Yahoo Authentication Technology Tips Health Hybrid Cloud Emergency Training Video Games Google Maps The Internet of Things GDPR Staff Time Management RAM Worker Budget Document Management Eliminating Downtime Database IaaS Apple Credit Cards Multi-Factor Security Specifications Update Television Information Technology News Hard Drives Payment Downloads Email Management DDoS Authorization Backup and Disaster Recovery Employees Cables Smart Technology Licensing Voice over IP Security Cameras Staffing iPhone Storage Websites Microsoft Teams Printer Wireless Internet Tactics HaaS Printer Server Trends Gadget Customer Service Dark Data Technology Efficiently e-waste Biometrics Telephone System WannaCry Avoiding Downtime Artificial Intelligence instant Messaging Sales SSD Solid State Drive Business Intelligence Travel IT budget PowerPoint Samsung Telecommuting Money Domains Machine Learning Online Shopping G Suite Millennials Public Speaking Telecommute Presentation Google Drive Mobile Security Lithium-ion battery File Sharing Hosted Solution IT Support Fun Laptop Printing Augmented Reality Windows 7 Unified Communications User Tip Wireless Technology 5G IBM Operating System OneNote Network Attached Storage Spam Blocking User Security Copy Hacker Paper Virtualization Windows 10 Tip of the week Autocorrect VoIP Customer Relationship Management Environment Competition Server Management Business Technology Paste IP Address Search Scheduling Ink Big Data Server Chrome OS Remote Computing Conferencing Emoji Quick Tips Mobile Office eCommerce Instagram Wearables Managed IT Services

Newsletter Sign Up