As a business owner, you’ve probably heard a lot about protecting your business from data breaches. But what does that mean, exactly?
A data breach is an unwanted, unsolicited, entry into your data, that violates data security protocols or causes damage to, or exposure of your data, systems, and applications.
Common Data Breaches
Common Data Breaches include:
– Human Error
– Hardware Failure
– Hackers
– Malware and virus attacks
– Insider data theft and destruction
– Fire, flood, weather damage
In this blog, we’ll discuss ways to address each of these issues.
Reduce Human Error by Implementing Strict Internal Policies
Even though ransomware and malware attacks are what have been highlighted in the news the past couple of years, human error and poor disaster recovery procedures are the most prominent causes of data breaches today.
To protect data from imperfect humans, create processes, protocols rules-based responsibilities and backup strategies for all the distinct types of data in your business.
Training is essential. You have to train and discuss issues often and update the training and the HR protocols when you realize an update is necessary.
Frequently validate that procedures are followed and hire experts who can help if you find you are not able to do this with the talents of your in-house staff.
Also, select and train your employees well. Remind them to take a moment to follow proper protocols before they delete any data. They should do this even in an emergency.
This includes asking themselves the following questions:
– Is the data already backed up?
– Do I have permission from management to delete this data?
– Should I archive this information before it is deleted?
Most times files, databases, and other work documents,, are destroyed because a business either doesn’t have security protocols or existing protocols are not being followed.
The CIO and the IT Managers should review the data in the company’s complete environment to be sure there are protocols and policies that can be easily understood and followed by all employees then verify that they are implemented by everyone.
For example, it’s easy to create rules, roles, security processes, and protect data stored in databases. But i’s tough to make sure that Susan from Marketing is storing and backing up all her work templates, proposals, and reports.
Make sure you have an easy second storage process on a file server, share file, or another document storage application. Then, require that the manager of the marketing department follow up and make sure those documents are stored correctly for backup and easy access.
Be Prepared for Hardware Failure
All hardware is going to fail someday. Always have redundancies for them. It is best to have a secondary hardware environment with your application code, database, documents etc., ready to rollup if the hardware fails.
If this is not an option, at least have spare drives available for when one or more disks fail, so you can replace them easily. Sometimes this is not affordable. Always back up everything to another site, not on the same hardware as your production server or the primary file server.
Avoid Malware and Ransomware Attacks
Malware, virus, or ransomware attacks, are very newsworthy and get a lot of attention, but are not the most common reasons for data breaches. You can protect yourself from malware, viruses, or ransomware attacks them by following this advice:
– Make sure you have all security patches in place suggested by the software and hardware manufacturers
– Use firewall and virus detection software
– If needed, use hardware security devices that also monitor your environment for breaches inside and outside your user environment.
– Create role-based security limiting processes to limit who can see and manipulate your data.
– Back up everything: application data, code, databases, your marketing materials, employees work documents, billing and payment information, and your website.
– Do not use public Wi-Fi: To properly protect yourself from hackers, be careful where you are when you access financial information or PI information. Don’t look up access this type of data while you are using public Wi-Fiwifi. Make sure you are using SSL certificate protected websites, and watch for emails and invites that come from unknown sources before you click.
If you do all of this, you should not have to pay a ransom.
Hackers use malware and ransomware generally to attack your data, but they will also use open public ports, application code that is not properly secured, and other devices to hack phones and tablets to access your data.
Protect Yourself From Insider Data Theft
Insider data theft starts and ends with establishing and implementing Human Resources policies that result in severe consequences for the would-be insider data thief.
For instance, if you are in an industry that requires protection of PI information, then your Employee Manual should state what not to do, best practices, and what happens if PI information is shared.
This should include not only the possibility of employment termination but possible legal liability. You should also include a provision that in the event a Court finds the employee to have acted with malice, that employee will have to reimburse the business for attorneys fees and all costs associated with a lawsuit.
Fire Floods, and Weather Damage: Be Prepared for an Emergency
Fire, floods, and other emergencies can also put your data at risk.
Last year, there were many natural disasters and major wildfires in California. These events caused billions of dollars of damage to businesses. Many lost their business not because they lost their building and product, but because they lost their computers and the data stored on them.
Prioritize having backup procedures that include getting a secondary copy of your most valued data. Make sure it’s stored in another location.
Protect Your Business Data From Third Parties Who Are Physically in Your Business
To figure out what is vital, walk through the door of your company and look around for any vulnerabilities.
One of the first people you’ll see may be the receptionist, who also handles billing or payments from clients. Can any person who walks in see the information in the front desk’s computer? If so, get a privacy screen and require that the receptionist log out of her account any time he or she has to step away from the desk.
Continue walking through all work stations until you get to your desk. Create a strategy for each department or job to protect and back up all data.
If all this is too overwhelming, ask for help from your IT staff or hire an expert. It’s much better to include this expenditure in your budget than to go out of business over something that’s preventable.
Contact Soaring Eagle Consulting for Consultation
Fill out a form or give us a call and we will do a free 30-minute database evaluation to identify the root causes of your issues and decide the best way to resolve your problems.
