Common information security breach examples and how to avoid them.
It used to be that major information security hacks were purely the stuff of Hollywood films. The government may have had reason to worry, but it hardly seemed likely that you or your business would become a target. But as security hacks of major corporations regularly make headlines, businesses are becoming increasingly aware of both the cost of an information security breach and the likelihood that it will one day happen to them.
The reality is that critical information can be lost or stolen in a variety of ways, many of them hard to prevent or control. A malicious attack from an outside source is only one of these ways. Information can also be lost or stolen through a banal system glitch, or through simple human error. And as much as many of us focus on the external threat, there’s only so much we can do to protect against an internal one in the form of a disgruntled employee sabotaging their (soon-to-be) ex-employer.
With all the ways data can be lost or intercepted, how can you take steps to safeguard against a costly information security breach? Let us provide some guidance.
Limit access.
Not everyone needs access to every system. Limiting access can help prevent an information security breach in one area from spreading through your entire system. It can also prevent someone with an axe to grind from sabotaging your business.
You can protect your information security by assigning role-based access permissions to all employees. Make sure everyone has access to the files they need to do their jobs, but don’t share all information indiscriminately.
Secure mobile devices.
You can invest thousands of dollars into complex online security only to be thwarted by an employee leaving their unlocked cell phone behind in a restaurant. Employees increasingly depend upon constant access to do their work, no matter where they are. While this allows for greater flexibility and many gains in efficiency for your business, ensuring that all these devices are secure comes at significant cost.
Make sure that everyone knows to keep their portable devices—phones, tablets, and laptops—password protected. Also, educate your personnel on the dangers of accessing sensitive information via public WiFi. If they must do work in a café, a portable hotspot, such as one they can enable from their phone, will be more secure.
Choose strong passwords.
It’s stunning how many people fail to keep their passwords secure. The most common errors include forgetting to change the password from the default, picking a password that is short or easy to crack, and re-using the same password across multiple applications to guard secure information. Most of us do this because we want a memorable password that we don’t have to store anywhere.
But the reality is that “memorable” passwords are usually too short, and include patterns that most password cracking software can exploit, because they are based on real words. A secure password should be at least 16 characters long, and contain a random assortment of the full character set on your keyboard. It may be a bother to store this password, but it is critical to good system security.
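The sketch below is an added example, not part of the original article: it generates a password meeting the 16-character, full-character-set guideline above and checks a candidate against the common errors listed earlier. The word lists, function names, and the plaintext reuse check are assumptions made for illustration.

```python
import math
import secrets
import string

# Full printable keyboard set: letters, digits, punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16

# Constructed sample lists (assumption); real checks would use far larger ones.
DEFAULT_PASSWORDS = {"admin", "password", "changeme"}
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}


def generate_password(length=MIN_LENGTH):
    """Draw every character independently from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def audit_password(candidate, already_used=()):
    """Return which of the article's common errors the candidate commits."""
    problems = []
    lowered = candidate.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password")
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("based on a real word")
    # Simplification: compares against the user's own plaintext list,
    # as a password manager could; a server should never store plaintext.
    if candidate in already_used:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    print(generate_password(), f"~{entropy_bits(MIN_LENGTH):.0f} bits")
    print(audit_password("Summer2024!"))
```

A 16-character password drawn this way carries roughly 105 bits of entropy, which is why it has to be stored in a password manager rather than memorized.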
Enable two-factor authentication.
Two-factor authentication provides an extra backup in the event that someone wants to access your information from a remote location. Two-factor means that access requires two pieces of coded information. One is usually the user password to the account, while the other is a 4- or 6-digit code, which is emailed or texted to the user. Some of these can be disabled if a user is on a “trusted device” (one to which they have exclusive access), but the user would need both factors to access information on another device.
Guard early against an information security breach.
Investing in information security can feel like buying insurance: if nothing happens, how do you know it was worth it? But as security breaches increasingly show, the risks to your data are prevalent, and your business cannot afford to remain vulnerable. For a more detailed look at your current information security network, contact us for a free assessment.