Techie’s Perspective on How to Overcome Risk of Data Theft
As we all know, small and mid-sized enterprises (SMEs) are becoming a favorite target for cybercriminals. The recent internet security threat report from Symantec recorded a steady increase in spear-phishing attacks targeting small businesses with fewer than 250 employees over a five-year span starting from 2011.
Data breach incidents in SMEs, including data theft and loss, are on the rise due to negligence, insecure practices, and lack of awareness. Such enterprises may end up facing dire consequences for ignoring security risks to their critical data. Here we have some effective tips to secure enterprise-grade mobile apps.
Here, we focus only on data theft, as it can cost any small or mid-sized company a lot. Business owners can take these precautionary measures to protect valuable company data:
A recent Ponemon research report has revealed that employees are the top cause of data breach incidents in small and mid-size businesses (SMBs), accounting for a whopping 48 percent. Employees tend to commit trivial mistakes, usually due to a lack of awareness about hackers’ activities. Employee training is, therefore, one of the most important steps for reducing the potential for data theft.
Today we see an increase in the use of personal mobile devices and extensive use of social media. Social engineering, in which hackers pretend to be trusted sources in order to steal valuable data, has emerged as a potential threat for small businesses. Phishing and ransomware are two common tactics that hackers apply frequently.
There should be a mandatory training session on daily security risks, and each employee should remember the following tips:
(i) Confirm the legitimacy and reliability of the source before giving any confidential information
(ii) Never open attachments sent by unknown people
(iii) Avoid clicking on any suspicious or dubious links anywhere
(iv) Use strong passwords on all devices while using a separate password for each registered site
(v) Avoid visiting any unauthorized websites
Secure sensitive data
Sensitive data can be used for profit, and hackers are well aware of this fact. Business trade secrets, financial information, personal identification numbers (PINs), and other critical company-related information fall into the category of sensitive data, as exposure of this data can ruin the reputation of the business.
It is advisable to give employees limited data access and to go old school by storing sensitive information in paper files kept in a locked cabinet.
Businesspersons need to remain on constant alert while disposing of any sensitive data, as it may get leaked during the disposal procedure.
Remove all ‘ready-to-dispose’ data from every electronic device and practice extreme caution while disposing of data manually.
Malicious software, including viruses and spyware, can be installed on a computer either to get access to sensitive information or to cause irreparable damage to the system. A USB device carrying malware, or an accidental click on an infected link, can install malware on any computer.
Antivirus and antispyware software must be installed on all devices, and employees need to remain alert about clicking on any suspicious links.
The password is the first line of defense, and hackers use many different means to decode it. Therefore, a password needs to be strong enough to withstand any malicious attempt.
Changing the password every 15 or 30 days is advisable for deterring hackers’ efforts. A complex password with a variety of characters is preferable.
Physical access control
Laptops and other devices can be easily stolen, and the critical data can be compromised.
Every employee should have a separate user account to protect business devices from unauthorized usage. Laptops can be locked in a safe while unattended, and enterprises can also consider giving limited network access in the reception area.
Any unencrypted data can be readily stolen by hackers. If credit card details or other personal details are not encrypted, the company can suffer a huge loss.
A Secure Sockets Layer (SSL) certificate is one of the most standard ways to encrypt sensitive business data as it is uploaded over the Internet. Laptops, mobile devices, USB drives, and even emails also require encryption, as they contain sensitive data.
Regular system upgrades
These days, security threats are increasing as malware evolves. No company can afford to keep outdated anti-virus or anti-spam software, as such software cannot offer any resistance against sophisticated and polished cyber attacks.
Software vendors release regular updates that address new cyber security vulnerabilities and threats and keep your devices clean. SMEs need to understand the importance of spending money on upgrades to the browser, OS, and antivirus software so that they deal efficiently with online threats, and should consider it a necessary investment.
Outsiders can readily gain access to private information on a company’s network. A Wi-Fi network is also vulnerable.
Firewall protection is handy in preventing non-members from accessing the company’s network. A Virtual Private Network (VPN) is a good option for providing secure access while working from a remote place.
The Wi-Fi network used for the workplace should also be password-protected and encrypted to avoid any possible attempt to
Third-party control verification
In the era of outsourcing, SMBs rely on third-party vendors for software that is necessary for facilitating a few business operations. Whether it is for payroll or credit card processing, third-party involvement is important for SMBs. If a breach occurs on the software vendor’s part, it may hurt the organization.
It is advisable to give the contract to a renowned and reliable third-party vendor. Along with digital infrastructure, businesses should focus on the security standards applied by the vendor. It is also necessary to have a Service Level Agreement (SLA) in place when awarding a project.
Businesspersons should also include online safety-related questions in the questionnaire prepared for third-party vendors.
In brief, a small budget and great vigilance can help SMEs get rid of the risk of data theft or loss.
Information management is considered the most effective cybersecurity technique, but its execution is complex and costly for SMEs. However, in the absence of a strong information management system, enterprises can implement the following techniques:
- Data mapping – Complete information about the type of data, its storage, and its ownership
- Policies in place – Managing information throughout its lifecycle and preserving abandoned data
- Assessment of content – Scan and classify content into junk, stale, and sensitive categories for better data management
- Data cleanup – Regular cleanup of junk/stale data can facilitate protection of sensitive data through remediation of inappropriate security and access
- Regular monitoring – Scanning on an ongoing basis enables entrepreneurs to identify any non-compliant activity and growth of any stale/junk data
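A minimal sketch of the content-assessment and data-mapping steps above, added here as an example and not taken from the article. The staleness threshold, the junk suffix list, and the use of Luhn-valid card numbers as the marker for "sensitive" are assumptions chosen for illustration.

```python
import os, re, tempfile, time
from pathlib import Path

# Assumed policy values (constructed for this example, not from the article).
STALE_DAYS = 365
JUNK_SUFFIXES = (".tmp", ".bak", ".log", "~")
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")   # card-like digit runs

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(path, now):
    """Return 'sensitive', 'junk', 'stale' or 'active' for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        head = fh.read(1 << 20)              # inspect the first 1 MiB only
    for m in CARD_RE.finditer(head):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "sensitive"               # sensitive outranks junk/stale
    if st.st_size == 0 or path.endswith(JUNK_SUFFIXES):
        return "junk"
    return "stale" if now - st.st_mtime > STALE_DAYS * 86400 else "active"

def scan(root, now):
    """Data map: relative path -> (category, owner uid)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            report[os.path.relpath(p, root)] = (classify(p, now), os.stat(p).st_uid)
    return report

def demo():
    """Scan a constructed sample tree; returns {filename: category}."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"cards.bak": b"visa 4111 1111 1111 1111\n",  # test number
                   "cache.tmp": b"x", "old_plan.txt": b"2015 plan",
                   "notes.txt": b"order id 1234567890123456"}
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        old = time.time() - 2 * STALE_DAYS * 86400
        os.utime(Path(root, "old_plan.txt"), (old, old))
        return {k: v[0] for k, v in scan(root, time.time()).items()}
```

Running `scan` on a schedule and comparing successive reports covers the regular-monitoring step; a backup file that still holds card data is reported as sensitive rather than junk, so it is not deleted without review.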
To conclude, we suggest that a change of approach can go a long way. Alertness that comes from awareness can help SMEs protect their vital data.