Digital and computer theft is big business, and the criminals are getting more sophisticated every year. According to the Association of Certified Fraud Examiners, digital crooks now account for $3.5 trillion in annual losses worldwide. Businesses must protect their data from theft or leakage, whether the threat comes from inside or outside the company, and countermeasures must cover both cybersecurity and physical security.
Here are some of the best ways your company can protect itself and your valuable data from compromise, destruction or theft.
- Don’t let employees have unrestricted admin privileges over your servers. Retain the top-level permissions with an officer of the company – preferably someone with a real stockholder’s interest in the firm. In one recent case a company let an IT director go, but the IT director changed all the passwords and would not tell the company what the new passwords were unless it paid him a fee of hundreds of thousands of dollars. The company was dead in the water, locked out of its own data, and meanwhile the former employee could have sold all kinds of data to criminals if he had wanted to. The company was both crippled and dangerously exposed.
- Keep software updated regularly. Cyberthieves are constantly exploiting vulnerabilities in software and operating systems to breach computer systems and steal data. Software manufacturers are constantly updating to eliminate vulnerabilities. But they can’t help you if you don’t download the latest patches, fixes and software updates. Update every week, as a minimum. Turn on automatic updates.
- Invest in employee training. Train employees to recognize ‘spearphishing’ and other online ploys designed to trick them into entering passwords. Train them not to key in sensitive data, such as a password, unless the page is encrypted (look for an https:// prefix or a ‘padlock’ icon in the browser address bar).
- Do a full inventory of sensitive information. Do you know exactly where it is stored? Who has access? Some servers or storage devices may have to be kept under lock and key, with strictly controlled access. If possible, disconnect them from the network when you don’t need them. If you cannot completely seal these servers off from network access, concentrate IT security attention on these assets. Back up the sensitive data offsite, or to the Cloud, where it is very difficult for an employee to steal a backup disk or tape.
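An inventory is only as good as the search behind it. The following Go program is an added example, not code from the article: it walks a directory tree, flags files that contain payment-card-like numbers, and uses the Luhn checksum to weed out timestamps and order IDs that merely look like card numbers. The card pattern, the directory layout and the sample file contents are all constructed for the example; a real inventory would carry more patterns (account numbers, national IDs, and so on) and would run against file shares and backups, not a temporary directory.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Candidate card numbers: 13 to 16 digits, optionally separated by spaces or dashes.
// Constructed for this example; a real inventory would carry more patterns.
var cardPattern = regexp.MustCompile(`\b(?:\d[ -]?){13,16}\b`)

// Luhn reports whether a digit string passes the checksum that payment card
// numbers satisfy. It screens out most digit runs that merely resemble cards.
func Luhn(digits string) bool {
	if len(digits) < 13 {
		return false
	}
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if d < 0 || d > 9 {
			return false
		}
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// CountCardNumbers returns how many Luhn-valid card-like numbers occur in text.
func CountCardNumbers(text string) int {
	strip := strings.NewReplacer(" ", "", "-", "")
	n := 0
	for _, m := range cardPattern.FindAllString(text, -1) {
		if Luhn(strip.Replace(m)) {
			n++
		}
	}
	return n
}

// ScanDir walks root and maps each file holding at least one hit to its count.
// Unreadable files are skipped so one permission error does not abort the inventory.
func ScanDir(root string) (map[string]int, error) {
	hits := map[string]int{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		data, rerr := os.ReadFile(path)
		if rerr != nil {
			return nil // skip unreadable file, keep walking
		}
		if n := CountCardNumbers(string(data)); n > 0 {
			hits[path] = n
		}
		return nil
	})
	return hits, err
}

func main() {
	// Constructed sample files written to a temporary directory.
	dir, err := os.MkdirTemp("", "inventory")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	files := map[string]string{
		"orders.csv": "id,card\n1,4111 1111 1111 1111\n2,5500-0000-0000-0004\n",
		"notes.txt":  "call back on 555-123-4567; ticket 1234567890123456\n",
		"readme.md":  "No sensitive data here.\n",
	}
	for name, body := range files {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o600); err != nil {
			panic(err)
		}
	}
	hits, err := ScanDir(dir)
	if err != nil {
		panic(err)
	}
	for path, n := range hits {
		fmt.Printf("%s: %d card-like number(s)\n", path, n)
	}
}
```

Running it reports only orders.csv: the phone number in notes.txt is too short to match, and the ticket number matches the pattern but fails the Luhn check. Files the scan turns up are the ones that belong on the locked-down, access-controlled servers the list item describes.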
- Encrypt sensitive data. If you properly encrypt data, even if you get breached, the information is useless to the data thieves and your sensitive information is still protected.
- Use SSL (Secure Sockets Layer), its successor TLS, or similar secure connections for all sensitive financial transactions, including credit card payments and other transfers.
- Employ several security layers, from spam filters to firewalls.
- Recognize the threat from employee-owned devices. Employees may routinely plug their own cell phones and tablets into company USB ports – and can then easily copy anything they have digital access to at their workstations. Consider disabling USB ports, and draw up policies restricting the connection of personally owned devices to workstations that have access to sensitive data.
- Scan all new devices before they are attached to your general network.
- Consider providing employees with company-owned devices that can be retrieved when the employee leaves service. Otherwise you could have sensitive information loose on employee-owned mobile devices when they are no longer even employees. They could even be working for your competition!
- Don’t let employees download unauthorized programs. Centralize control of apps and software downloads with your IT professional or designated expert. Otherwise, employees may inadvertently download programs containing spyware or malware.
- Consider storing all data in the Cloud, rather than onsite. This eliminates the risk of physical theft by anyone in your organization (though you must still protect passwords, etc.). Do not allow data to be stored directly on mobile devices, which are easily lost or stolen. Have devices draw sensitive data from the Cloud, not from their own local storage.
- Change passwords and access privileges whenever someone leaves the company. This includes door lock codes as well as network access.
- Be careful with wireless networks in the office. They make things easy for employees – but they also make things easy for data thieves, who don’t even have to be in the building to log on to your network. A disgruntled former employee could do it from a car parked outside – and do a lot of damage – if you have a wireless network in your office. If you choose to have a wireless office, take extra steps to segregate sensitive data from general access.
- Don’t collect data you don’t need. If you have excess data that you don’t need to store, erase it, permanently.