Data breaches have been in the news a lot lately. Not a week goes by when we don’t hear about another devastating breach, and it is often only the big breaches of well-known companies like eBay that make the headlines.
It can happen to your organization as well, no matter how small it is – and the results can be devastating. But did you know that the biggest risk to your company’s data often comes from employees?
You may take excellent precautions such as getting ISO 27001 certification, and this will help you to run a more secure organization. But human error often presents the biggest risk.
So how can you combat this?
Be Careful Who You Hire
First of all, have a good recruitment procedure in place to reduce the risk of hiring the wrong people. Always check references and be on the lookout for anything problematic in applicants’ pasts that could make hiring them a risk.
Only Provide Access to Data to Those Who Need It
Do all of your employees need access to sensitive company data? Probably not. Make sure you control who has access to it so that you know who is responsible. And when an employee leaves the company, always revoke their access to avoid the risk of an ex-employee accessing the sensitive data.
Promote the Use of Strong Passwords
Passwords are so important when it comes to protecting sensitive data, and you don’t want your employees to be accessing sensitive data using a password like ‘123456’. Encourage them to use long, random passwords, and you may also want to insist that they change their passwords every few months.
Have Rules in Place for BYOD
If you have a BYOD program in place, this can present risks to your organization’s security. Ensure that if your employees use their own devices to access your systems, they follow specific rules. These could involve only downloading permitted apps, using a strong password, and having a remote wipe feature in place. You could also use a mobile container solution to store business and personal data separately.
Secure All Mobile Devices
Your employees may use company laptops when working remotely, and these are at risk of being lost or stolen, or even left on the train. Always secure these devices. The best way to do this is to encrypt the laptops using hardware encryption that is BIOS-independent, which is the most secure option.
Also be careful with other mobile devices like USB flash drives. These are potentially more risky because they are easier to lose, so make sure they are 256-bit hardware encrypted. That way, if they are lost, the data on them cannot be accessed.
Speak to Your Staff about Cybersecurity
Finally, make it a regular habit to speak to your employees about cybersecurity. Hold regular meetings, send them information about potential risks, educate them about their responsibilities, and make sure it is something that is spoken about. That way you can reduce the risk of errors occurring that could prove to be very costly.