Data can be considered the life blood of any business. Organizations must adhere to the best practices of digital data handling, especially since many businesses store personal data about their employees and customers. If hackers and scammers gain access to this data, they could try to sell it on the black market.
A report published by Intel Security suggests that 43% of all data breaches are caused by users. By training your users on how to properly handle digital data, your business can become proactive in its fight to defend your customer's personal identifiable information (PII) from prying eyes.
#1.) Provide Training for Your Users
Unfortunately, end users are to blame for a large portion of data breaches. It is important to train your employees on the data security safeguards put in place by your IT staff.
Training your employees on how to properly handle data can help prevent an unintentional data breach. Hackers and scammers have become bold in executing their exploits; social engineering techniques are commonly used to trick employees into handing over private information.
"The weakest point in any security program is people; namely, the insider. Insider threats can be malicious; but more commonly, they are accidental," writes Philip Casesa in the whitepaper Securing the Weakest Links: Insiders.
"Insiders can have ill intent, they can also be manipulated or exploited, or they can simply make a mistake and email a spreadsheet full of client information to the wrong email address," Casesa concludes.
#2.) Use Secured File Sharing Services
Many businesses have taken full advantage of cloud based file sharing services such as Box, ShareFile, and Tresorit. Storing your data in the cloud can provide your organization with the advantage of being able to share data and collaborate instantaneously.
By using secure file sharing services, you can exert complete control over the data your business shares with 3rd parties. Knowing who, what, when, where, and how this data is being accessed gives your organization the confidence to begin using secure file sharing services.
If you prefer not to use a 3rd party file sharing service, your business can setup an SFTP server, issue a certificate to trusted peers, and assign access credentials for 3rd parties. This method ensures that the connection to your file repository is encrypted while only authorized parties have granularized access to the resources that they need.
#3.) Regularly Audit File Share Access Privileges
If your business uses file shares to store confidential data, it is important to ensure that only those who need access to the data have the necessary privileges to read, write, or execute on the specified network paths.
As a best practice, you should never have a publicly displayed folder on a shared network drive called "HR Data." If a breach were to happen, hackers would be able to spot this folder and know that this is where the valuable data resides. Always hide these folders and use Active Directory group membership as a means of delegating access to sensitive information throughout your network.
Perform a monthly audit on the accessibility of file shares in your organization to ensure that a user doesn't have access to a resource that is off limits. System administrators can write PowerShell scripts that automate the tedious task of going through and checking all of the access control lists associated with different files shares.
#4.) Implement a Secured Email Delivery System
When your employees send email with sensitive data to a third party, it is critical to ensure that this email is sent over a secured channel. More importantly, you may want to exert additional controls over those who see the data, how long they can view the data, and what they can do with the data once they've opened the email.
Secured email services such as Mimecast, AppRiver, and Barracuda have emerged to provide organizations with granular controls over emails once they have left your email's domain.
Policies and filters can be setup to alert, block or encrypt emails that contain certain verbiage, words or patterns.
For example, if you sent an email that said "SSN: 123-45-6789," the email encryption service could sense the presence of personal information and automatically encrypt the email and provide a secure delivery portal for the recipient to review the message.
#5.) Conspicuously Post Information Handling Guidelines
How does a business drive home the importance of implementing proper data handling procedures? The practices and policies surrounding the handling of sensitive data shouldn't be an annual reminder. In fact, organizations should stress the importance of data handling procedures on a day-to-day basis.
Classification levels could be created that give employees an outline of how they should handle and disseminate the data they receive in an email.
One of the best ways to get your employees to recognize the importance of data handling procedures is to print up large posters about your data handling procedures and have them posted conspicuously in common areas such as break rooms, hallways, and meeting rooms.
Employees won't be able to walk to their desk without catching a reminder of how important it is to properly handle the data stored on your network.
#6.) Make Data Handling Part of Your Corporate Culture
Data handling procedures should become a regular part of your corporate culture.
A business in the financial sector may regularly handle sensitive information such as bank account numbers, credit card numbers, social security numbers, tax returns, and more. Regardless of your sector, it's possible that your business collects these same details through your HR department.
Customer and employee data privacy should be the #1 compliance goal for your entire executive team. Larger enterprises will create social campaigns that help engage employees on data security awareness policies.
Ice cream socials, catered lunches, and gift cards are often provided by large organizations to help recognize outstanding employees who do whatever it takes to keep corporate data safe.
Implement quarterly testing for all employees on basic information handling skills. If the collective score is above a certain percentage, you could then consider rewarding your employees for their excellence in handling sensitive data.
While we offer a variety of support plans for companies that require regular security and maintenance, we like to work closely with local Greenville, SC and Atlanta, GA area businesses like yours to help develop their technology and grow their business however they see fit. Our level of involvement can evolve your business. Just give us a call at (833) 482-6435 or click the banner below to get the IT support you need now!
If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC or Atlanta, GA area business succeed!