Data security for business: combating the threats
The negligence of the companies may cause leaks when the business owners prefer to save money on anti-virus software and leave the employees without clear instructions on security policy. In the meantime, external threats can be sometimes too sophisticated for countering. Therefore, companies should anticipate disaster response. We gave an overview of the most common data breaches in business in our previous post. Now it’s time to speak about combating them. The methods of data breach prevention will be in our focus today.
Business owners are interested in the best control of their data. The risk of breaches is especially high when the company has to protect not only its own affairs, but also the customer databases. Apart from hacking poorly protected systems, frauds may perform malware and social engineering attacks.
To secure themselves, the most responsible companies hire high-qualified IT professionals, build a solid security infrastructure and train employees. Nonetheless protecting the perimeter is not a guarantee that the sensible data is unreachable for violations elsewhere. The data should stay secure during all operations including transmitting, editing and storing. If you are not an IT specialist, not all the cases when data is vulnerable are evident. However, when you know the threats — you can diminish the risks. The Online Trust Alliance (OTA) reported that more than 90 % of data breaches that occurred in the first half of 2014 could have easily been prevented.
Confronting data security threats
Instruct the employees on security as soon as they join the team
The employees must be aware about the possible phishing attacks to avoid password and data sharing with the third parties. Every newcomer should be instructed on whom to contact in case of any problems. If the employees have the access to sensitive data — it may be reasonable to give them extra instruction on how to keep secrets. Consider prohibiting the employess to leave working devices unattended and require re-logon after inactivity.
To avoid the human error it is essential to make sure that your people understand the security risks and the ways of reducing them.
Set strong passwords
Captain Obvious would approve this advice. Better passwords mean better security. Sadly, in 2015 people still use “123456 “, “qwerty “, “batman “ and “iloveyou”. Batman is great, love is amazing, but not for data protection. We will speak about strong passwords in one of our upcoming posts, but our first recommendation is to forget about dictionary words when you need to set a password.
VIPole offers a password generator to create strong passwords and a password manager, as long passwords may be difficult to remember. Another handy feature is virtual keyboard that protects VIPole users from keylogging.
Use certified software and prohibit installing risky programs
To run the business safely you have to trust not only your employees but also the programs and the services you use daily. Licensed software gives you guarantees, while the free services may even not provide tech support.
Remember, that a firewall and anti-malware software only limit the risks, but there are many other threats apart from viruses.
Comprehensive patching is a necessity
Don’t think that once you’ve invested in antivirus software you are protected forever. While new malicious attack methods are developed, the security systems are renovated as well. It is essential to be always up to date and ready to meet at least the known threats.
When we speak about updates, we mean all the software that you use, including the operating system, anti-virus programs, multimedia and creativity programs etc. Unpatched systems are more vulnerable for hackers.
Use secure communication channels to send sensible data
Avoid transmitting sensible data via popular chats and e-mail services with the lack of encryption. If this is the only way to contact your customers — they should be aware that these means of communication do not offer the proper security level.
- Instruct the staff in advance about the means of communication they should use for certain issues.
Do not use personal mailboxes to discuss business affairs and exchange files. Your data is vulnerable there. Politicians, businesspeople and celebrities compromised by cracked emails make the news regularly and no one wants to be next. In addition, it is risky to use communication services with no encryption for business negotiations. VIPole offers encrypted audio and video calls and conferences to protect the contents of your conversations.
Restrict data access to those for whom it’s a business need
Maintain access control to all your databases and regularly check the activity of the employees who possess it. Avoid giving the access to temporary contractors. The distribution of sensitive data should be limited to the necessary cases only. The employees must make sure that the documents are send only to the intended recipients. Tracking who views, changes, sends or downloads the documents may prevent breaches. It is reasonable to include a clause in your employment contract stating that the databases are the intellectual property of the company, and the employees have no right to use them for personal affairs.
As the employees may cause the leaks, either unintentionally or on purpose, we have developed a comprehensive access control panel in the Business version of VIPole. VIPole allows the Business account owner to track the activity of the users including their connections, contacts, file downloads etc. Limit the number of employees who may see or download the files to cut the risks of misuse. The second thing that you can do to prevent insider data breaches is disabling the users to change their contact lists. Therefore, you exclude the possibility of undesirable communication.
Control the data flows in your company
Use the software to analyze the traffic of the data in your company. Check the contacts of your employees and control the data while it is stored on their devices. In VIPole, there is an opportunity to set the fixed lists of contacts to the members of the team and to prohibit adding new contacts if it is not a necessity for performing their duties.
Encrypt the data when stored and transmitted
Make sure that the sensible data of your company and the customer data is stored in an encrypted database with limited access. The information stored on hard drives and on all kinds of portable data storage devices should also be encrypted to prevent leaks in case the data bearers are lost or stolen. Encrypting data in transit is necessary both before the data is sent and during the transmission.
These are the basic things you should do to protect your data from breaches. End-to-end encryption in VIPole protects your data even when your employees are temporary off the office or working remotely. Even if the devices are lost or stolen, the encrypted data is useless for hackers. In VIPole, even our staff cannot access your data that is stored on our servers. The software architecture of VIPole is developed in a way to give the access only to the account owner.
Apart from encryption, VIPole allows you to close your connections and to wipe the data from the devices remotely to prevent leaks.
Use separate locations to store your data
You may know that this principle works for keeping cash at home — your rainy day fund is safer when the parts of it are stored separately. If one is disclosed — the other will still be there for you. The same with data — secure yourself from losing everything at once. In VIPole, you may change the folder for file storage and keep the files separately from your profile.
All the critical data of the company needs a way to be restored in case of breaches. Backup everything you cannot afford to lose once and forever. There are remote services that provide this opportunity — just make sure they use encryption.
Destroy the outdated and unnecessary files on portable media and papers
Shredding papers is fun — enjoy destroying what you no longer need to prevent frauds from exploiting it. Hard drives and portable devices should be wiped as well as all the memory cards that are not in use anymore. Even a little old SIM card may become a key to significant databases. Use software developed to permanently wipe the data from all the servers and the devices where it is stored.
Prepare your disaster plan
Thanks to insiders, there is no immunity from breaches. This is why you should know, how to react if you recognize leaks or the potential for them. Every employee should understand how to act if a breach occurs to mitigate its effects.
VIPole has developed a set of emergency tools including instant user blocking, history clearing and blocking access to files.
Discuss security with your vendors and contractors
Hold your business partners to the same security standards that are applied in your company. Recommend the best practice. The breaches of service providers may compromise their clients, therefore make sure that you can entrust your data to the third parties. Maybe just partly.
We have presented a number of anticipatory steps to deal with internal and external threats, but there are more methods for safeguarding the data. You are welcome to share your experience in comments.
VIPole protects you from different kinds of disasters, but security is a complex thing where little issues may cause big problems. Make sure that you share the same vision of security with your coworkers and protect your business from breaches together.
VIPole offers end-to-end encrypted messaging and collaboration solutions for teams and enterprises dealing with commercially or personally sensitive information, and individuals wishing to protect themselves from hackers, identity thieves and malware. More at www.vipole.com
