A data breach could turn into a catastrophic event for any company, especially for small businesses that may not be prepared for this emerging threat. The 2015 Symantec Internet Security Threat Report found that 60% of all targeted attacks struck small- to mid-sized companies.[1] As a business owner or an employee, there are a number of preventive steps you can take to help keep your company’s data secure. The most important place to start is to know the common causes of data breaches and how to avoid them before the damage is done.
You may think data breaches are mainly caused by outsiders hacking into the system. While that scenario is the one that makes headlines in the media, the fact is that employee error, such as a lost or stolen computer or mobile device, or downloading malicious software, can also lead to data loss or a data breach incident. Train your employees to better understand these risks to help protect your company’s data.
The following are some safety steps, including how to help protect your work space, stay safer when receiving email and create strong passwords.
- Protect Data at Your Work Space
If you step away from your desk while you are in the middle of a project that includes sensitive business information, take some precautions to protect company data from visitors or others who are not authorized to see that information. Remember these simple tips for keeping your work spaces secure:
- When you step away from your computer, lock it up. You can also change your preferences to require your user account password when unlocking or waking up your computer.
- After a meeting, clean up your materials.
- After printing, copying or faxing, pick up your documents right away.
- Keep sensitive documents in secure locations.
- Always stay aware of your surroundings.
- Be Aware of Phishing Schemes
Phishing emails are fake email messages that criminals and hackers can use to target your credit and identity, gain control of your computer and network, or steal your password and access company information. They often appear to come from a trusted source, such as your credit card company or another vendor, and often include links to click or attachments that they ask you to download. You should delete suspicious emails without opening them.
Before you open an email or respond to any requests to download files or click on links, confirm that it:
- Comes from someone you know.
- Comes from someone who has sent you an email before.
- Is something you were expecting.
- Does not look odd, with unusual spelling or characters.
- Passwords: Longer is Stronger
Using strong passwords and changing them regularly makes it harder for thieves to access information. Never share your password with anyone. Choose something cryptic so it is difficult to guess, but it should also be memorable so you can avoid writing it down. If you do write it down, keep it in a locked cabinet or drawer.
Best practices for strong passwords include the following:
- Passwords should not contain all or part of your name or ID.
- Passwords should be at least seven characters long.
- Passwords should contain characters from at least two of the following four categories: upper case letters, lower case letters, numbers and symbols (e.g., &, %, $, #).
- Stay On Guard While Traveling
Portable devices, including laptops, tablets and smartphones, can be easier to lose and are a target for thieves. Be aware when logging in to secure systems in public places so others cannot see your username and password.
- Keep your mobile device with you at all times while at the airport, on public transportation or in any public space, and never check it with your baggage.
- When you travel by car with your laptop, put it in the trunk of the vehicle. Take it with you when you arrive at your final destination.
- Never store your password or backups with your mobile devices.
- When away from the office, keep your company laptop, mobile device and portable storage devices, such as flash drives, secure, either locked up or in your personal possession.
- Recognize Social Engineering
Much like piecing together a puzzle, social engineers get what they need by gathering pieces of information from many different sources, including your social profiles and other information about your organization. Since people may not be who they claim to be, always verify before providing any kind of information.
If someone you do not know claims to be a fellow employee, you can:
- Try calling the person back at their work phone number.
- Send a code word or number to his or her company email address and ask the person to call back with it.
Sources: [1] Symantec Internet Security Threat Report, April 2015, Volume 20: https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf