Sam Makad is a business consultant. He helps small & medium enterprises to grow their businesses and overall ROI. You can follow Sam on Twitter, Facebook, and Linkedin.
Discover 8 strategies your business may use to best protect itself against human error and ultimately stop data breaches.
Data breaches can have extreme consequences. If an employee or company has information exposed, this could affect many areas of your life or your business.
So, are you tech-savvy, or do you feel that safeguarding the data is something you need help with? Regardless of your answer (because there’s always something to learn), we’re here to help.
Read on for some helpful tips to reduce the risk of a data breach.
What happens when a company has a data breach?
In May 2021, one of the biggest oil pipelines in North America was hacked. Fuel supplies along the US East Coast were disrupted, and the company, Colonial Pipeline, was held to ransom for millions of dollars.
This all happened because one former employee’s VPN password was hacked online. The attackers were able to use this password to get into the company’s networks, encrypt valuable data, and make huge demands for the decryption key.
The company paid out $4.4 million in Bitcoin to recover their data. This isn’t the only cost that comes from a company data breach, though.
In 2013 and 2014, tech giant Yahoo faced some major hacks that severely breached company and customer data. It’s estimated that in 2013, all 3 billion of Yahoo’s customers had their data breached and sold on the dark web. A 2014 attack hit half a billion users, too.
The sale of Yahoo to Verizon was affected, with $350 million being knocked off the sale price when the scale of the breach was uncovered in June 2017. Another significant cost was the $117.5 million Yahoo was ordered to pay in compensation and costs for those affected by the breach.
Your company may not be a multi-billion-dollar giant like Colonial or Yahoo, but if these companies can fall prey to hackers, you can bet your business is in some hacker’s sights.
Here’s what you can do to secure your business.
1. Make sure devices are password protected
When was the last time you changed your email password? Statistics from 2022 show that less than half of people have changed the password to their email accounts in the last year.
Your company’s data, which is stored on laptops, tablets, and even smartphones, can be easily hacked if it’s protected with a commonly used password. By simply guessing your password (which hopefully isn’t one of the most hackable ones), hackers can gain access and make unauthorized use of the sensitive data stored within.
The password you use should be secure, consisting of:
- Upper and lower case letters;
- Special characters such as punctuation (!, ?, #, etc.).
Additionally, the longer your password is, the better. At the same time, avoid using the same password for multiple devices and accounts, and change it on a regular basis.
If you struggle to keep track of your passwords, you may want to consider using a password management tool. These tools can help you store your passwords and even have random password generators that can help you use less-obvious options. And if you feel like your weak password might’ve already led to the leak
2. Secure information that’s physically stored
You may store certain information in a non-digital fashion, for instance, in cabinets and office drawers. However, when storing data in this way, you still need to take security measures seriously.
For instance, leaving a drawer unattended or unlocked can lead to somebody taking advantage of it and stealing the papers that contain sensitive information.
So, every time you leave data unattended, make sure that the drawer or cabinet is locked and limit the number of people who have a key to it. This way, if there is a breach, it’ll be easier to track down the responsible ones.
3. Download a VPN
Any device with an internet connection can be vulnerable to attack. If you download and install a VPN, your online security can be improved. Not only does a VPN encrypt your search history (meaning no one but you can access it), but it also gives you some extra protection when using public WiFi hotspots.
In addition, a VPN masks your IP location, making it more difficult for hackers to keep track of you and your devices.
4. Use antivirus software
Reputable antivirus software will not only scan files for threats such as malware before you download them but also scan your device for pre-existing infections. Viruses can be present on a device without your knowledge, which can cause a data breach.
As with other cybersecurity measures, antivirus software can become outdated too. Make sure you always have the latest update downloaded to keep your risk of a cyberattack as low as you can.
5. Keep your operating system updated
Even state-of-the-art hardware can develop weaknesses in its cybersecurity. Hackers seek and try to target any vulnerabilities in your devices’ defense. That’s why operating systems and applications need to be updated to patch these issues.
Some apps will offer prompts when an update is recommended or available. Others will wait for you to carry out these updates manually. Make sure to regularly check that any programs you are using are up to date.
Try not to put off operating system updates for too long, either. We know it can be annoying if you’re in the middle of something, but it’s worth it in the long run.
If your team uses their personal devices for work, make sure they’re aware of the importance of updating their devices as well. Consider implementing an “Update Day” periodically where you remind your team to check their operating systems, software, and apps for updates and give guides on how to set up automatic updates.
6. Make sure your staff are properly trained
This can be a step that companies need to pay more attention to. Some staff members may not know that data, such as employees’ home addresses, yearly turnover, or even dates of financial transactions, should be kept safe.
Conduct regular cybersecurity training and educate your staff on the importance of cyber vigilance. Your workers should know the exact procedures to follow when acquiring, processing, and storing precious information regarding your company.
There are plenty of issues you need to keep an eye on with your employees – as we’ve seen, their security lapses can cause huge problems for you. Some of the key things you need to regularly review with your team include:
- Email security, such as checking who sent an email and avoiding clicking on links in any email;
- Using a VPN correctly; simple as it sounds, they may need reminding to turn it on when accessing your company data;
- Legal requirements, such as the European GDPR, so they know what they are and aren’t allowed to do with company and customer data.
Be sure to cover industry- and company-specific topics too – data and online security training should be ongoing rather than a one-off.
7. Keep tabs on where information is stored
If your employees are taking company devices home, you have to record who is in possession of what. Even a simple Google Sheet with updated information will help to keep track of your data.
Losing information due to carelessness can be just as dangerous as doing so because of complacency. If information is being taken off-premises, make sure there is a written record of who has what and when it was checked out.
In June 2021, secret documents belonging to the UK Ministry of Defence were found at a bus stop. The data breach was only uncovered when the papers were handed over to the BBC – an embarrassing episode that shows even those who need to keep data safe can get things wrong sometimes.
8. Review your safety procedures
While it’s great to have measures in place to reduce the risk of a data breach at your company, it’s even better to check their effectiveness regularly.
In the third quarter of 2022, around 15 million web users worldwide were affected by a data breach, showing how prevalent the dangers can be. Make sure you are taking your company’s cybersecurity seriously.
If you find that your safety measures aren’t enough, it may be time to look into options you haven’t yet explored. Trying new security software can be a good example of this.
Summing up: Protecting your company’s information is important
Using just one security measure in isolation is less effective than using many in unison. Depending on the size and nature of your company, it can be necessary to use as many cybersecurity measures as is reasonably possible.
You can face significant costs if you do experience a data breach. Your operations could be damaged, you may need to pay significant sums of compensation, and your reputation with customers and clients could be forever damaged.
The list above contains some of the most effective methods of keeping your company safe from a data breach. Follow as many as you can, and your risk should stay low. Investing in data security will reap long-term benefits for your organization.