8 Mostly Free Best Practices for Tightening Internal Data Security
Just how safe is your company data? According to the IBM Cyber Security Intelligence Index, U.S. businesses experienced over 1.5 million monitored cyber attacks in 2013 alone. Sensitive information regarding your internal operations, your customers and your employees is at risk if your organization does not take proper measures to secure its data. Take a look at these eight crucial security reminders for business leaders to keep in mind.
1. Password Character Requirements. There's a reason why so many web-based consumer services require complex passwords. Unauthorized users are less likely to guess passwords when employees use a blend of phrases, upper and lower case letters, numbers, and punctuation. Work with your IT department to configure the password requirements for your employees.
2. Password rotation. Passwords that go stagnant are a liability for companies. For example, former employees might still be able to gain access to confidential information after they leave the company, if teams use the same outdated group email. Schedule password rotations every few months so that every user must update accounts with new passwords.
3. Session time out. This setting prevents a user's account from remaining signed into a system after a certain period of time. For example, if a cashier leaves their point of sale terminal, their session should automatically expire after a delay so that no unauthorized users can attempt to operate the point of sale.
4. No outside hardware. No employee should be allowed to use external hardware in the office, such as storage devices or other peripherals, unless cleared by your company's IT department. External devices can contain spyware or viruses that pose a significant risk to your computers and network. Additionally, this restriction reduces the risk of employees stealing internal data.
5. Installation restrictions. Employees should not be able to install unauthorized software on work computers or mobile devices, since unchecked installations can lead to malware infections. For example, a graphic designer might decide to download a freeware utility to complete a project. While they are well intentioned, this employee might accidentally install a trojan on their work computer.
6. Managed mobile devices. Mobile device management (MDM) software allows you to enroll in-house and BYOD technology in a system that deploys security configuration settings, company data and content over the air. This is an excellent way to enforce remote security restrictions, such as password updates or app restrictions. Once an employee leaves a company, company-related data can be quickly wiped from their device remotely.
7. Backup encryption. Copies of your company data can also be a weak point, if unauthorized users are able to view and edit these files. Work with your IT department to create redundant and encrypted backups of your business-critical data.
8. Remote wipe. Mobile device solutions like Android Device Manager and iCloud allow you to remotely wipe device data if your smartphone or tablet is lost or stolen. This will quell your fears about confidential data leaks, in case you forget your phone at a restaurant. Many of these remote security systems also help you track and lock your devices, so that you can attempt to recover your technology before erasing it.
Anyone from the newest intern to C-level executives can become a target of digital crime. Train your employees to observe data security best practices. Taking proactive measures will help your business stay ahead of threats.