Data Breach Prevention Tips. Technology Engineering Group.

Data Breach Prevention Tips

November 6, 2014

Companies and organizations today are at a greater risk of experiencing data breaches than ever before – both from inside as well as outside sources.  A recent study conducted by Symantec and the Ponemon Institute found that over half of all employees took company records or intellectual property with them when they left their jobs.  And a whopping 70% of employees reported that their company had no means in place to stop them from accessing confidential data!  The study also reported that “the United States and Germany continue to incur the most costly data breaches (at an average cost per compromised record of $188 and $199 respectively). These two countries also had the highest total cost per data breach (United States at $5.4 million and Germany at $4.8 million).”

Obviously the costs of data breaches are too high for organizations in terms of loss of data, profitability, and even reputation.  But there are several safeguards which, if enacted, can help to prevent the astronomical losses caused by corporate and organizational data breaches.

Brian Lapidus, a data security expert and chief operating officer of the Cyber Security & Information Assurance department at Kroll – recognized as the world’s leading risk consulting company – offers some critical advice for protecting your company again data breaches.  He advises implementing the following guidelines at your company or organization to prevent data breaches from occurring:

Establish key policies across all company borders

      • Policies should begin with IT, but extend to other areas of the company
        • Standards for data exchange for remote projects should be put into place
        • Physical security should be instituted – secured server rooms, locked server racks, limited access, and so on
        • Software should be installed on all mobile devices to track data movement, add encryption, and provide IT admins control over data and how it is handled, in the event a data breach were to occur
      • HR should define exit procedures for employees
      • Management must enforce physical protections and written procedures from the top down

Create a complete breach preparedness plan

      • Decide what will be included in these policies and procedures, who will implement them, and when?
      • Determine the physical pieces of the plan and when and how will they be tested?

Educate employees regarding the protection and handling of sensitive data

      • Include this information in your employee manual
      • Hold occasional meetings to advise employees of any data handling updates and to reiterate the policies already in place

Keep readily accessible data to a minimum

      • Don’t hang onto data you don’t need
      • Keep data retention storage spaces to a minimum
      • Limit employee access to sensitive data; only required employees, and only ‘as needed’
      • Keep records of data access
      • Remove and purge data appropriately when its retention period has expired

Periodically conduct risk assessment

      • Changes in business models could affect risk levels and liabilities
      • Use internal and external resources specializing in risk management auditing to determine any new areas of risk

Offer training and technical support to all employees including mobile workers

      • Policies and procedures for data security standards should remain constant across all facets of the company, and be distributed to all workers
      • Security and authentication software should be installed and kept current on all mobile devices
      • Sufficient training and technical support should be provided to all onsite and offsite workers

Utilize services of a third-party corporate breach and data security expert

      • Using an outside source will ensure that the evaluation and analysis of the level of risk and exposure performed is neutral and objective
      • Bringing someone in from the outside takes pressure off inside staff that might be concerned about job security, were they to discover any vulnerabilities

Implement more than just data encryption

      • Encryption alone can provide businesses a false sense of security
      • Hackers can and do break encryption codes
      • Install data monitoring software to keep on top of your data movement and usage

Security software updates need to stay current

      • Doing so prevents security holes from opening and being exploited
      • Budget money, resources, and time should be allocated to ensure these patches stay up-to-date

Ensure your customer and vendor standards are held to the same high standards

      • Communications – and other client and vendor interfacing – should maintain compliance with your standards, as well as any state and federal regulations that pertain to their organizations
      • Your organization must remain in control of its data at all times – especially if stored or used offsite or offshore

Data breaches are on the rise, especially from the inside.  Following these tips and enabling these safeguards can ensure that your organization remains protected – and your data kept safe and secure!

Technology Engineering Group, LLC
3593 Medina Rd. #239
Medina, Oh 44256
Copyright © 2018 Technology Engineering Group. | Sitemap