Data Security: 9 Ways to Protect Your Workplace from Cyber Threats
Could your business thrive without the internet?
It’s not very likely.
The internet has become an indispensable tool assisting in so many ways, from reaching new customers to enabling the mobile workforce to do its job.
But being constantly connected increases the risk of online theft, fraud and abuse.
The Symantec 2014 Internet Security Threat Report showed that the number of data breach incidents in 2013 was 62% higher than the previous year. In total, over 552 million identities were breached.
Small and medium businesses are definitely being targeted by cyber thieves – because of the information in their keeping. The National Cyber Security Alliance reports 69% handle sensitive information such as customer data, 49% have financial records and reports, 23% have intellectual property of the company, and 18% handle other companies’ intellectual property.
With National Cyber Security Awareness Month wrapping up, here are 9 ways a workplace can improve its data security and protect itself from cyber threats.
Perform regular risk audits. What information is collected by your workplace and how is it stored? Who can access the information? How is the information protected?
Appoint someone to be in charge of cyber security. According to the GetCyberSafe Guide for Small and Medium Businesses, responsibilities would include researching current threats and security options, and implementing and monitoring safeguards.
Create a security plan. All workplaces should have comprehensive security best practices and policies in writing, and provide on-going training, updates and reminders to the workforce.
Utilize all forms of IT safeguards. Anti-virus protection and anti-spyware software are important as well as secure internet connections with firewalls; also, encryption software and anti-malware software to scan incoming files. Implement an effective password policy and use a Spam filter – Spam represents about 69% of all email sent over the Internet, according to Symantec. Update and patch to keep security up-to-date too.
Educate employees. Security awareness training should be on-going. For example, teach employees not to answer suspicious emails or provide confidential information. There should also be non-disclosure agreements with employees.
Develop a mobile device policy. With mobile devices, the Symantec report showed that lost or stolen devices are still the biggest risk. But only 50% of users take even basic security precautions. All devices allowed on company networks should have adequate security protection.
Use physical security safeguards too. Be sure business premises are secured and locked with sign-in procedures for visitors. Employees should lock their computers and put sensitive documents away when not at their desks. A Clean Desk Policy is recommended.
Store data safely. Frequently back up data, and store it in a safe place. Identify and track all sensitive information along with where it is located (server, cloud storage, external hard drive) and for how long it needs to be kept.
Destroy all information when no longer needed. It is critical to physically destroy information at the end of its lifecycle. For example, shred paper so that information cannot be gathered and used illegally.Check our these document destruction best practices.
Keep in mind that e-media documents should also be destroyed physically when no longer needed. Talk to your paper shredding provider about hard drive and e-media destruction services.