8 Tips to prevent data breaches

The following eight steps will help you properly assess your current electronic communication security situation, provide you with guidance to implement appropriate measures, and shield your data from being exposed or exploited.

  1. Understand regulatory compliance requirements — To begin planning a security strategy, be aware of regulations affecting your business. These regulations can range from federal and state laws covering all businesses when handling sensitive customer data to regulations targeted at your specific industry. Implement a quarterly review of these regulations to ensure adherence.
  2. Identify and assess security risks in your organization — Determine the location of all sensitive data and whether any protective measures are currently in place. Also, determine how your sensitive information is distributed (via e-mail, texts, or various other channels) and who has access to information stored on corporate servers as well as in the cloud.
  3. Establish written security policies regarding collection/use of personal information — This is a document requiring semi-annual updates and should define the following items:
    • Proper storing and disposal of electronic personal data
    • Identify an officer responsible for information security
    • Identify users inside your company with access to sensitive information, especially those with administration rights or unrestricted access to data
    • Adopt a least-privilege approach to data, providing users only enough access privileges to allow them to complete their duties
    • Block social media channels you cannot or do not wish to supervise
    • Automatically log users out and lock computers when not in use
  4. Educate your employees regarding common scam methods/breach threats — Many internal breaches occur due to simple human error or lack of awareness, making it important to ensure your employees are aware of their actions and understand how to protect sensitive data.
  5. Take steps to protect when accessing Wi-Fi networks— Since this is one of the easiest way for perpetrators to access your data. Precautions should include:
    • Use Wi-Fi networks with caution when traveling, only use wireless networks secured with passwords
    • Ensure business Wi-Fi networks are secured at all times. Utilize a VPN (Virtual Private Network) when possible
  6. Ensure all devices are adequately secured— Since data leaks can occur across all channels. Important things to remember include:
    • Utilize complex passwords on mobile and computer devices
    • Limit users to only devices which can be adequately protected and monitored
    • Always install patches and updates as soon as they become available
    • Ensure all software downloads are from trusted sources
  7. Use encryption technology — This is a proven way to prevent security attacks. Studies in 2013 indicate that 73 percent of all breaches could have been prevented if encryption technology was utilized. Implementing encryption technology to protect consumer data is a safe harbor under most state or federal breach regulations, according to Beasley. Utilize a layered approach in all communication channels including computers, mobile devices, networks, and hard drives.
  8. Revise and improve your email usage standards — While 70 percent of businesses consider e-mail as the top means of communication, it is surprising that they often take so little care to secure it. Unsecured e-mail is easily accessed even by the most inexperienced hackers. E-mail confidentiality statements are not adequate, nor do they protect from regulatory violations. The only sensible solution is to implement a user-friendly e-mail security product or service.

Securing electronic messages should be one of the top IT priorities for organizations in 2015. The process should not be overly complex or expensive, but it does require proper planning and regular revisions. While there is no such thing as a 100 percent breach-proof security system, the majority of attacks can easily be prevented by following the simple steps outlined in this article.

— See also “Beazley announces finding from analysis of 1,500 data breaches,” Beasley, 18 September 2014; “Your Business Is Never Too Small For A Cyber Attack, Here’s How To Protect Yourself.” Forbes, 13 May 2013

Todd Sexton is the CEO of Identillect Technologies Inc.