6 Ways to Protect Your Data
It’s hard not to worry about your data when you hear of all these security breaches, even within mega companies that should have been bullet-proof! It just goes to show that no one is safe, regardless of size or field of activity.
Given the latest revelations about the Yahoo breach, we thought we’d share five strategies to help you protect yourself. Just remember that none of these strategies in itself is ironclad; however, a solid data-security plan that combines several of these strategies greatly diminishes your risk.
Practice proper cyberhygiene
We love this new term coined by the Wall Street Journal. Lots of little tasks that seem like no big deal can, and should, be performed on a regular basis. These seemingly insignificant practices can protect your data over the medium and long term. Taken together, they are known as cyberhygiene.
Among the little things you can do: update your software systematically and perform security audits regularly.
The WSJ illustrated the importance of cyberhygiene with the example of the security loophole discovered in the Windows operating system back in 2010. A patch was quickly developed to resolve the issue. However, in 2014 (i.e. 4 years later!) over one third of security issues found by HP researchers still exploited this flaw. How is that possible? It’s simple: a large number of companies and individuals had never bothered to download the patch.
Cloak your data
Encrypting your data is a relatively simple and effective practice, yet very few companies implement it. For obvious reasons, it is a particularly important practice to adopt when storing data in the Cloud.
The poor take-up is due to the fact that encryption/decryption processes can be slow and expensive. According to Avivah Litan, Senior Security Analyst at Gartner Inc., “you can’t rely on people. You have to rely on technology.” Encryption is the main technology for data protection.
Password management is a pain in the neck for users and IT support alike. Worse, passwords are not that effective! Not everyone hates them though: hackers love them, because they know that people often reuse the same password for different accounts. How many of us are able or willing to memorize dozens of different passwords?
The obvious solution is to encourage the use of password managers.
But there is another solution: dump passwords entirely and have users identify themselves with a tiny USB key instead. That’s what Facebook and Google have done for their staff.
Vet your vendors
All companies must work exclusively with IT partners that are reliable and trustworthy. After all, your external partners can access your data or at least compromise it. This means that you must perform a background check for each of your suppliers, which should cover more than one aspect of their operations, and a legal opinion on your service contract is a must.
Of course, such oversight and overall control are not within the means of all suppliers, especially (but not exclusively) newer ones. This is where companies like BitSight Technologies and SecurityScorecard step in, rating the overall security and risks related to third-party IT companies. This service can make your job that much easier.
Train your staff
Some of those phishing emails are so obvious they’re a joke. But not all of them are that easy to spot! Your employees must receive training on recognizing and neutralizing threats, no matter how clever (and therefore dangerous). The main message should be this: when in doubt, no matter how slight, do not reply. Alert the IT department immediately.
In 2013, American retail giant Target was hacked, losing control of some 40 million credit-card numbers. The worst part? According to Brian Krebs, the sensitive information was lost through a supplier, whose employee fell for a phishing scam that delivered a Trojan Horse.
To start 2017 on the right foot, now is the time to reconsider your data and infrastructure protection strategy!