One of the biggest mistakes companies make when they’re starting out is not placing enough importance on data security. We know starting a new company isn’t easy — you have an endless amount of responsibility with not nearly enough time, money, or manpower to support you.
But while any new company can and will make mistakes, some are more costly than others. The current state of modern technology has made massive data breaches and security scandals common occurrences. Having low standards for protection is no longer acceptable and inevitably results in negative, expensive, and long-term consequences.
Luckily, we have some quick tips to make sure you don’t become a household name for the wrong reasons — because if Target and the FBI can have large amounts of private data stolen, so can you.
Establish a security-focused culture from the beginning
Whether you have 2 employees or 200, the importance of security to the well-being of the company as a whole should be strongly emphasized from the start. The on-boarding process for new hires should include a security training component, so that everyone is well-versed with your policies and processes. This training should be regularly reinforced and updated to keep up with constantly changing technology.
From locking your computer when you leave your desk to using a multi-factor authentication process, best practices should be well-known and enforced across all levels. These practices should be stated clearly in your company’s data protection policies, with compliance expected regardless of status or job title.
If you need proof that setting the “tone at the top” is important, check out Verizon’s 2015 Data Breach Investigations Report, which highlighted that insider misuse was the reason for over 10% of confirmed data breaches and 20% of total data security-related incidents.
Your mom doesn’t need your e-mail password
Delegating access is one of the first steps to maintaining an effective data security strategy. In the previous study, Verizon showed that 88% of information leaks are a result of incorrect access rights. To lower the chance of this happening to your company, centralize your authentication controls and establish a multi-step process for request system access. Develop a procedure for sharing passwords and an accessible internal directory that lists every member in your company and what specifically they should have access to.
A study by LastPass, a password management service, showed that 61% of people are more likely to share work passwords than personal passwords while 95% of people have admitted to sharing passwords of any kind. These numbers are staggering, especially when considering the high level of data sensitivity that so many people handle every day.
Point is, save the password sharing for your video streaming services; your BFF can have access to your Netflix account, but any work-related access should be strictly off-limits.
Prevention is better than cure
When it comes to data security, you should be thinking 10 steps ahead at all times. Anticipate any potential threats that could possibly be posed to your business, whether it’s data at risk from malicious forces external to the company or small internal errors that still have the ability to compromise the integrity of your information.
This is especially important if you’re a company that works with large amounts of customer data — resolving internal data breaches is one issue, but having to explain to your clients that their private information has been compromised is a whole other nightmare best avoided.
One method we recommend is taking a layered approach to protecting network operations as a whole. From the lowest level, this means using anti-virus software and closely monitoring all workstations on the company network. If you or one of your employees loses a phone, laptop, or any other work device, it should be remotely wiped immediately.
In addition, perform constant backups and maintain detailed logs of all systems. All of this data should be encrypted and the cyphers used for encryption in transfer should be regularly changed. If the size of your company requires it, invest in an external data center as an added level of protection for you and your customers.
Finally, put together a Risk Management Plan that comprehensively describes all of your security measures, including a disaster recovery plan for an extreme situation. This plan should be periodically tested and updated as needed.
There’s an app for that
While all of these measures may sound overwhelming, the good news is that that there are plenty of cheap and easy options out there to help you.
Both Box and Google Apps are great for securely storing company files and collaborative documents. LastPass, Sticky Password, and Dashlane can help with password management while BitDefender offers real-time security for all of your company’s devices. For identity management (and creating that internal directory mentioned before), FreeIPA can help with a variety of network administration tasks and is, well, free.
So, what do you think?
Now we want to know what’s worked for you. How does your company protect your data? What are your favorite data security apps and services? Comment below with your thoughts or tweet us @FormAssembly. We’d love to hear from you!