{"id":8992,"date":"2015-03-24T10:00:03","date_gmt":"2015-03-24T15:00:03","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=8992"},"modified":"2022-11-22T13:57:19","modified_gmt":"2022-11-22T19:57:19","slug":"is-your-business-data-really-secure-part-1","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2015\/03\/is-your-business-data-really-secure-part-1\/","title":{"rendered":"Is your business data really secure? (Part 1)"},"content":{"rendered":"

\"Education\"Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following best practices for data security? Learn 7 ways to better secure your data.<\/em><\/span>
\n<\/a>
\nThey say that \u201cany press is good press.\u201d But, I\u2019d guess that any of those companies who suffered widely publicized data breaches recently would argue with that. <\/p>\n

Does it feel like data breaches are becoming more frequent? It\u2019s true. A recent IBM report finds a 12% year-to-year increase in security incidents. What’s worse: These breaches lead to reputation damage, lost productivity, and lost revenue.<\/p>\n

With that in mind, let me ask you a question: Is your business data secure?<\/p>\n

What steps are you taking to ensure that your company doesn\u2019t make the news for a security incident? Today, let\u2019s focus on that topic. How can you keep your business data secure? While the list could be much longer, here are 7 important tips:<\/p>\n

1. Avoid spreadsheet overuse<\/h3>\n
\"photo
photo credit: subflux<\/a> via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

Let\u2019s start off with one of the biggest threats to data security: Spreadsheets. Many businesses put their data at risk because they rely too heavily on spreadsheets. They store critical business data in spreadsheets. Or, they export data from their business systems into spreadsheets for reporting.<\/p>\n

Why is this such a problem? Once your data is in a spreadsheet, it\u2019s vulnerable. What happens when a user shares that spreadsheet with other users? What happens when those users edit the data and share it with others? Soon, you have multiple versions of the same data floating around, beyond your control. <\/p>\n

Which version is accurate? How many different spreadsheets exist? Where are they stored? Did any users make a data entry mistake, or somehow tarnish the data? There\u2019s no way to know.<\/p>\n

How bad is this problem? Studies have found that over 80% of spreadsheets contain critical errors. User groups<\/span><\/a> now exist to warn businesses about the dangers of spreadsheets<\/span><\/a>. If your company still relies heavily on spreadsheets, your data is already at risk.<\/p>\n

2. Create password policies<\/h3>\n
\"photo
photo credit: David Chartier via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

End users have notoriously bad password habits. How bad? According to this annual list of the most popular passwords<\/span><\/a> over the last year, \u201c123456\u201d, \u201cpassword\u201d, and \u201c12345\u201d top the charts. That\u2019s right. It\u2019s that bad. Without a strict password policy, your employees can unwittingly put your data at risk with weak passwords.<\/p>\n

\n“One way businesses can secure their data is by taking a look at employee password habits and implementing a companywide password policy,\u201d says Joe Siegrist, the co-founder and CEO of LastPass<\/span><\/a>. \u201cUnfortunately, many of your employees probably have pretty terrible password hygiene and are making mistakes like storing their passwords in word docs, sticky notes, sharing passwords with co-workers via email, using the same passwords for business and personal accounts and using weak, easily crackable passwords. Poor password hygiene can result in a costly data breach or hack.\u201d\n<\/p><\/blockquote>\n

3. Use 2 factor authentication<\/h3>\n

Now, a strict password policy helps, but it\u2019s just one step in the process. What happens if a hacker gains access to one of your employee\u2019s passwords? How can you protect your data?<\/p>\n

Two-factor authentication<\/span><\/a> (2FA) is a great way to combat this risk. It adds a second layer of security to your applications. Rather than identifying users with a single factor (user\/password), it adds another identification factor–usually a pin number delivered via sms. This is a great method to add extra protection to your most sensitive data.<\/p>\n

\n\u201cPasswords remain a primary source of breeches, and will forever be that way as long as a human is required to remember something,\u201d says Conrad Smith, CISO of Bitium<\/span><\/a>. \u201cWhether it’s a simple password guessing attack against your Twitter account or a sophisticated spear-phishing attack against executives, the impact of a successful attempt to compromise a password can be mitigated by enabling and enforcing 2FA. With 2FA, even a if password is compromised, without that other piece of information (something you have or know), the attackers cannot access the account.\u201d\n<\/p><\/blockquote>\n

4. Monitor user workstations<\/h3>\n
\"photo
photo credit: tpsdave<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

Here\u2019s another password-related problem: How will employees remember multiple, complex passwords? If you impose strict password policies, users need a way to remember their passwords. <\/p>\n

What do they do? Many write their passwords on sticky notes and leave them on their desks–defeating the point of a password in the first place. To combat this, perform periodic security checks on your employee\u2019s workstations.<\/p>\n

\n\u201cThis helps make sure that desks aren\u2019t security violations,\u201d says Robert Siciliano, Security Expert with TheBestCompanys.com<\/span>. \u201cThink sticky notes with sensitive information, such as passwords, on them. Are filing cabinets locked? Are computers left on without password protection when employees are away from their desks?\u201d\n<\/p><\/blockquote>\n

How can you enforce a strict password policy, while ensuring that users aren\u2019t posting their passwords on their desks? Use a password manager.<\/p>\n

\n\u201cUsing a password manager within your organization is an effective way to manage employee passwords and ensure that every employee is protecting your business’ sensitive information properly,\u201d explains Siegrist. \u201cMost password managers offer features like password generators to ensure employees are using unique passwords for each and every account and password sharing features which make it easier to share passwords within your organization. Since all employees’ passwords are stored in one secure location, it will encourage them to create unique passwords for their business and personal accounts.”\n<\/p><\/blockquote>\n

5. Hold security and awareness training<\/h3>\n

Hackers aren\u2019t usually the biggest threat to your data security. The fact is, uninformed employees are often your biggest threat. Many don\u2019t understand proper security habits. They don\u2019t realize their actions put the company at risk. It will stay that way unless businesses ensure that their users understand best security practices.<\/p>\n

\n\u201cBusinesses not only need to be concerned with combating the external data security threat posed by hackers and intrusions, but considerable focus and resources should also be aimed at combating the internal threat as well,\u201d says Brian D. Kelley, Chief Information Officer at Portage County<\/span><\/a>. \u201cEmployees are in fact one of the biggest data security threats. Data theft, tampering with records, and misuse of personal and business technology in the workplace are a serious and formidable threat to data security in the workplace today. Businesses need to have a strong Security Education, Training, and Awareness (SETA) program in place. Strong data security policies, enforcement, and monitoring are essential to securing data from the inside threat.\u201d\n<\/p><\/blockquote>\n

6. Create a good rapport with end users<\/h3>\n
\"photo
photo credit: nuggety247<\/a> via pixabay<\/a> cc<\/a><\/figcaption><\/figure>\n

In some companies, there\u2019s a disconnect between the IT department and the end users. Both sides have an \u201cus vs. them\u201d mentality. The users feel like IT gets in their way, and the IT department feels like users can\u2019t be trusted. The problem is, this disconnect puts your business data at risk.<\/p>\n

If end users don\u2019t respect the IT department (or vice-versa), do you really think they\u2019ll respect their security policies? No. <\/p>\n

\n\u200b\u201dHaving a good rapport with your end users is vital to securing your data,\u201d says Brad Meyer, IT Manager at TechnologyAdvice<\/span><\/a>. \u201cIt doesn’t matter how many policies you may put in place–if your end users don’t respect your IT department, how are you going to truly enforce these policies and expect them to listen to you when you tell them the importance of securing their data? Once you build that rapport, your end users are much more willing to be trained and accept policies.\u201d\n<\/p><\/blockquote>\n

7. Limit data access<\/h3>\n

Allowing too much data access is another critical security mistake businesses make. They give users access to all of their data. This opens the business up to all sorts of security risks. For instance, what happens if a user decides to copy data to a personal device and bring it home? What happens when a user accidentally deletes data, or enters new data incorrectly?<\/p>\n

\n“One of the most important steps in keeping business data safe is to tightly control access to any sensitive data, and that includes administrators, says Jon Gossels, President of SystemExperts<\/span><\/a>.<\/p>\n

Nobody should have access without oversight and logging.<\/p>\n

Make sure that every user has the least privileges necessary to perform their job and that every user has his own unique login credentials so that actions can be traced.<\/p>\n

If you have computers on-site, make sure they are used only for business (e.g., don\u2019t allow anything to be downloaded or for people to browse the Internet), and make sure you have constantly updated anti-virus software running at all times – and keep those computers isolated\/segregated from any other networks or computers you may have.”\n<\/p><\/blockquote>\n

Summary<\/h3>\n

Now, these are just the first 7 tips to help businesses keep their data secure. I\u2019ll be covering more tips in the next few weeks. Stay tuned!<\/p>\n

So, what do you think? Is there anything you would add to this list? If so, please share your thoughts in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following best practices for data security? Learn 7 ways to better secure your data.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"Is your business data really secure? (Part 1) - mrc's Cup of Joe Blog","description":"Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following b"},"footnotes":""},"categories":[8],"tags":[71],"class_list":["post-8992","post","type-post","status-publish","format-standard","hentry","category-education","tag-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=8992"}],"version-history":[{"count":11,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8992\/revisions"}],"predecessor-version":[{"id":14110,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8992\/revisions\/14110"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=8992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=8992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=8992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}