Safe and secure data access, transmission, and storage are more vital than ever. The good news is that there are many ways to protect a company’s valuable data from falling into the wrong hands. Here are 10 expert recommendations.
When career criminal Willie Sutton was arrested in the 1950s, he was asked why he robbed banks. “That’s where the money is,” he replied. Today the most attractive target with the most value to thieves is the payment process. Any vulnerabilities in that data exchange can be exploited. Priority number one is to secure payment data, using safeguards including encryption, tokenization, and Level 3 PCI compliance.
Back Up to the Cloud
Payment and customer data and other confidential information should be backed up and archived off-site, using cloud technology. That adds a powerful layer of protection and also makes the data recoverable in case of a ransom attack or natural disaster. Cloud storage also facilitates fast, convenient sharing with third parties such as accountants, attorneys, and branch offices.
Before entrusting data to third-party vendors, make sure they maintain robust security protocols and are PCI-compliant. This policy should apply to any partner or vendor with whom a business shares sensitive material. That includes payment transaction and tax-related data, legal documents, intellectual property, employee records, and information that can identify clients.
Train and retrain employees in data protection best practices.
Many nonprofit organizations, including StaySafeOnline, the National Cyber Security Alliance, the Cloud Security Alliance, and the Center for Internet Security, offer expert tips and guidance. They may also provide training events. Government agencies such as the FBI, FTC, and Small Business Administration are another valuable resource.
Limit access to company data or IT networks to only those who need it and are properly trained in security protocols. Even high-level decision makers should demonstrate their proficiency in data safeguard procedures. Otherwise, despite their executive status, they may inadvertently compromise business data.
Use Authorized Devices
Devices engineered for consumer use in the home do not typically offer adequate business-level protections. Limit or prohibit their use for business activities. P2P payment apps also fall into this category, because they may lack the security features necessary to protect business transactions.
Unless there is a real need to store data, thoroughly delete it. Otherwise, businesses accumulate massive amounts of data that need to be guarded. That can become an unwanted burden or an unintended target for thieves. That applies to both electronic data and paper documents susceptible to loss, damage, fraud, or theft.
Text messages and communications sent via apps and email can also be intercepted. Companies using these tools should deploy encryption software designed for business. Once those communications are encrypted, anyone without the corresponding encryption key will not be able to read them.
Erase Printer Data
Most business managers are unaware that just as computers store data, so do printers. Any office printer should be purged of its stored files on a regular basis. Otherwise, a seemingly innocuous printer can become a treasure trove of hackable, sensitive data.
The most commonly cited security recommendation of all is still “use strong passwords.” Weak or easily stolen or deciphered passwords are responsible for approximately 80 percent of all data breaches. To make them even more secure, use a password manager program that includes multi-factor authentication.