7 Basics for Keeping Your Company's Data Safe

Data breaches are costly in money and reputation. Before looking for exotic measures, make sure you have the fundamentals covered.

learn more about Istvan Lam

By Istvan Lam • Jan 1, 2015 Originally published Jan 1, 2015

Opinions expressed by Entrepreneur contributors are their own.

Every other week there is a new high-profile data breach in the media. From Target to Home Depot to iCloud to JPMorgan to Snapchat to the White House—and most recently the devastating attack on Sony Pictures Entertainment—there's always a headline highlighting the loss of data and breach of trust.

But that doesn't mean your business has to be one of them and suffer the staggering $3.5 million losses resulting from an average data breach.

Here are seven practices and products you can adopt today to stay out of the data breach club.

1. Arm yourself for the threats within.

Data risks today don't solely originate from malicious hackers, even if news headlines suggest otherwise. A recent PwC study found that internal threats and mistakes now constitute a bigger challenge to business security than external ones, meaning that regardless of size, today's businesses must control not just data on storage platforms, but on employee and business partners' devices and accounts.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

2. Get the lay of the land.

Ask yourself: "What is the most sensitive, confidential data that our business holds, how is it handled, and who has access to it?" Create a spreadsheet matching data types and services to the employees and business associates who can access them. Make sure to include the two most sensitive types of data: customer information and intellectual property.

3. Roles and permissions.

Once you've identified your assets, review levels of access and if they can be regulated via policy, or, better yet, programmatically. An important factor to consider is whether your content management platform of choice allows the depth of control administrators need to set roles for each specific use case within the company. It's important that these are refined, limiting access and edit of important data to authorized staff.

4. Learn your weaknesses.

Most people reuse the same password across services, including work-related programs. When a big retailer or service provider is breached, there is a very real chance that corporate emails and passwords are also impacted. A similar vulnerability recently enabled attackers to gain access to millions of Dropbox accounts as third-party services integrated with the product were compromised, laying millions of usernames and passwords vulnerable.

To learn if this has happened before, start by heading over to security expert Troy Hunt's site or Breach Alarm's free tool and scan employees' email addresses through their tool—their database is often updated with the latest published breaches.

Related: 8 Mostly Free Best Practices for Tightening Internal Data Security

5. Passwords hold the key.

To prevent a similar incident, have a strong password management policy. Educating employees about never reusing passwords across services and creating stronger passwords (aim for length over variety of characters, though) is also key.

Understandably, this requirement results in difficult to remember passwords, straining productivity. If possible, start using a password management application. They're easy to use, automatically generate strong passwords for each service—and, most importantly, they're secure. LastPass is a leader in this field.

6. Anticipate the next Shellshock.

There is another important reason to stay on top of security news. Within the past year alone, two major vulnerabilities were found to be lurking in widely used software—Heartbleed and Shellshock. We can safely assume that it's only a matter of time until the next vulnerability is unearthed, and it's important to pay attention to the news for when they come to light—especially if any of the software your business uses is compromised. Mass exploitation of these vulnerabilities can happen in as little as a week's time after they're disclosed, so your business is at risk if you wait around—or even worse, do nothing.

7. Do your homework.

When choosing services to implement into your business's workflow, it's important not to overlook pure security for productivity benefits, an easy mistake in today's productivity-and-cloud-crazed environment. Do your due diligence, and make sure to go with services that are recommended by security professionals and your industry's relevant associations, which often publish guidelines relevant to your market and regulatory environment. It's also important to make sure the services that you decide to go with include privacy policies and guarantees that will inform you when their systems are breached.

Related: 'Bash' Bug Could Be Bigger Than Heartbleed

Istvan Lam

Founder and CEO of Tresorit

Isvan Lam is the CEO and co-inventor of Tresorit’s encryption technology. From a very young age, Istvan had a deep interest in security and cryptography. During his time as a University student, Istvan needed a secure cloud service where he could store his personal files and intellectual property securely. Feeling that no option on the market provided the top-tier security he required, Istvan went on to develop Tresorit in 2011, deploying the strictest data security regulations backed by the company’s patent-pending cryptographic encryption technology.

Related Topics

Editor's Pick

This Co-Founder Was Kicked Out of Retailers for Pitching a 'Taboo' Beauty Product. Now, Her Multi-Million-Dollar Company Sells It for More Than $20 an Ounce.
Have You Ever Obsessed Over 'What If'? According to Scientists, You Don't Actually Know What Would Have Fixed Everything.
Most People Don't Know These 2 Things Are Resume Red Flags. A Career Expert Reveals How to Work Around Them.
Business News

Survey: A Majority of Americans Are Living Paycheck to Paycheck

Sixty-four percent of U.S. consumers live paycheck to paycheck — even those who earn more than $100,000 a year.

Business News

Massive Fire At Top Egg Farm Leaves Estimated 100,000 Hens Dead. What Does This Mean For Egg Prices?

Hillandale Farms in Bozrah, Connecticut went up in flames on Saturday in an incident that is still under investigation.

Business Solutions

5 Procurement Trends To Keep on Your Radar for 2023

Procurement professionals must adapt to inflation and a shortage of skilled labor in the face of an economic recession. Investing in a workforce paired with retraining and development strategies will put your company on top amid economic uncertainty.

Business Ideas

55 Small Business Ideas To Start Right Now

To start one of these home-based businesses, you don't need a lot of funding -- just energy, passion and the drive to succeed.

Business News

'This Just Can't Be for Real': Fyre Festival Fraudster Billy McFarland is Now Hiring For His New Tech Company -- And He's Already Selling Merch

McFarland was released from house arrest last September and is currently being ordered to pay $26 million in restitution to fraud victims.