One of the worst disasters a company can face is a successful cyberattack that exposes confidential data. The resulting financial damages from data breaches can be tremendous, and it’s estimated that around 60% of small businesses shut down within a few months of being attacked.
When tracking data breaches at companies, one astonishing fact is how preventable many of them were. Often, cyberattacks on businesses succeed because of lax security protocols. In this article, we share how you can implement better cybersecurity for your company, making it harder for attackers to breach your systems.
Collect Only the Most Necessary Information
Big data can be very useful for customer insights and tracking, but you have to think about what criminals could do with that information. With that in mind, it’s important to collect only the most important customer information, while still giving consumers their privacy.
One good way is to let customers opt in to sharing their data. Giving users the option to disable targeted tracking is mandatory in Apple store apps, for example, but you can apply this principle to web forms.
For example, consider whether your company really needs a user's home address and other personally identifiable information, or whether you can just let them sign up with a username and email.
The less customer data you store, the less damage is done in the event of a successful database attack.
Restrict Employee Privileges
It’s a good practice to limit employee roles on company networks, allowing them access to only the workspaces and data files that are required for their work.
Many successful cyberattacks on companies have been the result of compromised employee accounts, sometimes intentionally in the case of malicious inside actors. There are several ways an employee’s account could become compromised, such as:
- Falling for a phishing email, such as an email spoofing the company IT department.
- Having weak passwords and account security.
- Being persuaded to give up account information (for money or through social engineering).
There are numerous other ways employee accounts can become compromised, but the important thing is that employee privileges on the company network be restricted to minimize damage. Companies like IdentityGuard also offer identity theft protection services, which can apply to employee accounts by encrypting employee account information, rather than local storage.
So a secretary or employee in the accounting department might accidentally fall for a phishing email, but if they don’t have access to databases storing customer credit cards, damage can be significantly reduced. Make it a point to review employee roles and privileges across company networks and workspaces.
Routinely Destroy Old Data
There's very little reason for companies to keep old data and let it outlive its lifecycle. Imagine it like a room stacked with cardboard boxes full of customer information. One match lit, and that entire room becomes a blazing inferno.
One of the ways you can prevent access to company and customer data is by limiting the amount of data your company actually stores. You could, for example, routinely purge old customer accounts, and remove payment information from older databases.
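A scheduled purge of the kind described above could look like the following sketch. It is an added example, not code from the original article; the `customers` schema, the column names, the sample rows and both retention windows are assumptions made for illustration.

```python
import sqlite3
from datetime import date, timedelta

# Assumed retention windows for illustration; take real values from your policy.
PAYMENT_RETENTION = timedelta(days=365)
ACCOUNT_RETENTION = timedelta(days=3 * 365)

def build_sample_db():
    """In-memory database with constructed rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    # Overwrite deleted content with zeros instead of leaving it in free pages.
    conn.execute("PRAGMA secure_delete = ON")
    conn.execute("CREATE TABLE customers (username TEXT PRIMARY KEY, "
                 "email TEXT, card_token TEXT, last_active TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        ("alice", "alice@example.com", "tok_constructed_1", "2024-05-01"),
        ("bob",   "bob@example.com",   "tok_constructed_2", "2023-01-15"),
        ("carol", "carol@example.com", "tok_constructed_3", "2020-03-10"),
        ("dave",  "dave@example.com",  None,                "2022-11-20"),
    ])
    conn.commit()
    return conn

def purge_old_data(conn, today):
    """Delete long-inactive accounts, then strip payment data from stale ones.
    Returns (accounts_deleted, payment_records_scrubbed)."""
    account_cutoff = (today - ACCOUNT_RETENTION).isoformat()
    payment_cutoff = (today - PAYMENT_RETENTION).isoformat()
    with conn:  # single transaction: both steps commit, or neither does
        deleted = conn.execute(
            "DELETE FROM customers WHERE last_active < ?",
            (account_cutoff,)).rowcount
        scrubbed = conn.execute(
            "UPDATE customers SET card_token = NULL "
            "WHERE last_active < ? AND card_token IS NOT NULL",
            (payment_cutoff,)).rowcount
    return deleted, scrubbed

if __name__ == "__main__":
    db = build_sample_db()
    print(purge_old_data(db, today=date(2024, 6, 1)))
    for row in db.execute("SELECT username, card_token FROM customers"):
        print(row)
```

Running the purge a second time changes nothing, so it is safe to schedule; backups and replicas need the same retention rules or the purged records will still exist there.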
You can find more tips on performing security reviews in this useful article from Keepnet Labs.
Physically Secure All Devices
Hacks don’t just happen over the internet, like in the movies where you see a hacker pounding code onto a screen to gain access to a system.
Many data breaches start with physical breaches and social engineering, such as an employee leaving their password taped to their desk, or server machines not being locked up tight.
Make sure all workstations in your company are physically secure, and critical devices such as routers and IoT devices, like WiFi-enabled printers, are tamper-proof.
Furthermore, you should limit BYOD (bring your own device) policies. As much as employees enjoy using their own devices at work, it’s a security threat when an employee’s laptop running outdated software is connected to the company network.