Data—it’s the lifeblood of every business, big or small. Unfortunately, cybercriminals are on the hunt for vulnerable people and systems—hoping to profit from your pain.
“Wait—but Nedland is a waste equipment manufacturer. Why are you taking on data security?” you ask. Simple: Experts are raising the alarm. The cyber threat is growing and our friends with years in the data protection space have some sage advice for you.
So, whether you have an in-house IT team, you work with a managed services provider, or you wear many hats, IT included—there’s a lot you can do to protect your data.
Because, let’s face it—today, no one is immune.
So, what should you be thinking about on a personal level?
For starters, recognize that keeping data secure isn’t easy.
Cybercriminals have grown increasingly sophisticated over the years. These aren’t troublemaking teens hacking systems from their grandmothers’ basements; they’re organized crime syndicates, and they’re leveraging sophisticated technologies and social engineering to trick you into cracking open the door. Heck, some are even selling ransomware-as-a-service on the Dark Web, so criminals who don’t possess technical chops can launch campaigns in simple paint-by-number fashion.
That’s what you’re up against.
It’s why you should:
- Be very suspicious of every unsolicited request for your personal data—no matter where it comes from
- Independently verify data requests—call the business using the phone number listed on its website, never the contact information provided in the original request
- Steer clear of links or downloadable files from sources you don’t know and trust
- Never share personal or financial data through email
- Confirm you’re on a secure website before sharing sensitive data (the closed padlock icon and HTTPS before the site domain name tell you the connection to the site is secure)
- Examine email addresses and URLs carefully—sometimes imperceptible spelling or punctuation changes will indicate a source that has been spoofed
- Be cautious of generic email greetings from people you know—before you click, slow down and give your gut a chance to tell you if something’s off
- Be wary of data and financial requests from people who wouldn’t ordinarily make requests like this of you
- Avoid flash drives that aren’t yours or from a trusted source—that flash drive you found in a parking lot? Not a gift
Strengthen your human firewall
Today, the overwhelming majority of cyberattacks are executed by tricking good people, just like you, into clicking links, downloading files, and logging into spoofed login walls. Some experts say that figure could be as high as 97%.
It’s why IT professionals shout the value of data security training from the rooftops.
What might your business consider?
- Deliver a data security training session—make sure your employees know how to spot phishing attacks, create strong passwords, secure devices, and connect to public WiFi securely
- Make sure company leaders get trained—it sends a good message to your organization and, given their access to sensitive information, they’re more likely to be targeted
- Hold mandatory refresher trainings every six months to a year
- Regularly launch phishing tests to identify employees who might need a refresher before it’s too late (data security companies like Sophos and KnowBe4 offer this service, and some offer free trials as well)
- Be sure employees know whom to contact if they spot something that looks “off”
Protect your data, systems, and applications
While data security best practices are nothing new to IT professionals, IT is often underfunded. When teams are scrambling to address squeaky wheels, it’s not uncommon for the data protection basics to slide.
Be sure that the person managing your data is employing these critical tactics (and, if it’s all Greek to you, that’s okay! Just run through this list and ensure they’ve got it covered):
- Embrace the “principle of least privilege”—grant access to applications and data only to those who need that level of access to do their jobs
- Implement secure password and multifactor authentication policies
- Require a password manager—we like LastPass
- Restrict company access to personal email and social accounts so hackers can’t open a backdoor to your company’s data through accounts outside your control
- Install security patches across all operating systems, software, applications, mobile devices, and IoT devices immediately—don’t let this slide
- Keep operating systems and software regularly updated
- Use browser security and web filtering to block phishing campaigns
- Harness smart intrusion detection technologies to monitor traffic and identify threats
- Run vulnerability tests on your systems and immediately close any open doors
- Use proxy servers and ad-blocking software—and restrict who has permissions to install and run software applications
- Prevent or block removable devices, like USB drives, on key systems
- Back up your data using a 3-2-1 strategy—three copies of your data on at least two different media with one stored off-site—so that you can painlessly recover if cybercriminals temporarily get the upper hand
At the end of the day, cyberattacks not only disrupt businesses and result in costly recoveries, but they also erode trust—especially now, as so many are conscious of threats to their personal data.
The old adage “An ounce of prevention is worth a pound of cure” absolutely rings true when it comes to data security and protection.