{"id":9111,"date":"2015-05-19T10:30:41","date_gmt":"2015-05-19T15:30:41","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=9111"},"modified":"2022-11-22T16:03:05","modified_gmt":"2022-11-22T22:03:05","slug":"is-your-business-data-really-secure-part-2","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2015\/05\/is-your-business-data-really-secure-part-2\/","title":{"rendered":"Is your business data really secure? (Part 2)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-725\" alt=\"Education\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2010\/11\/Education.jpg\" width=\"76\" height=\"100\" \/><span style=\"font-size: 14px;\"><em>Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following best practices for data security? Learn 7 more ways to better secure your data. 
<\/em><br \/><\/span><br \/>\n<a name=\"20150518\"><\/a><!--more--><br \/>\n<figure id=\"attachment_9131\" aria-describedby=\"caption-attachment-9131\" style=\"width: 199px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/links-of-the-chain-517550_640-199x300.jpg\" alt=\"photo credit: Didgeman via pixabay cc\" width=\"199\" height=\"300\" class=\"size-medium wp-image-9131\" srcset=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/links-of-the-chain-517550_640-199x300.jpg 199w, https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/links-of-the-chain-517550_640.jpg 426w\" sizes=\"auto, (max-width: 199px) 100vw, 199px\" \/><figcaption id=\"caption-attachment-9131\" class=\"wp-caption-text\">photo credit: <a href=\"http:\/\/pixabay.com\/en\/links-of-the-chain-chain-iron-metal-517550\/\">Didgeman<\/a> via <a href=\"http:\/\/pixabay.com\/\">pixabay<\/a> <a href=\"http:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/deed.en\">cc<\/a><\/figcaption><\/figure><\/p>\n<p>Like a chain, your data security is only as strong as your weakest link. You may have the strongest security protocols in place, but one small misstep can compromise your entire system. <\/p>\n<p>Have you taken every security precaution? 
Is your business data really secure?<\/p>\n<p>In the <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'Business Data Secure']); \" href=\"https:\/\/www.mrc-productivity.com\/blog\/2015\/03\/is-your-business-data-really-secure-part-1\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">first part of this article<\/span><\/a>, we covered 7 important security tips that you can\u2019t ignore:<\/p>\n<ul class=\"arrow-list colored\">\n<li>Avoid spreadsheet overuse<\/li>\n<li>Create password policies<\/li>\n<li>Use 2-factor authentication<\/li>\n<li>Monitor user workstations<\/li>\n<li>Hold security and awareness training<\/li>\n<li>Create a good rapport with end users<\/li>\n<li>Limit data access<\/li>\n<\/ul>\n<p>But, that\u2019s just the tip of the iceberg. Security is such a broad topic, and one that we can\u2019t possibly cover in a single article. <\/p>\n<p>Today, let\u2019s dive deeper into the topic. What other steps can you take to keep your business data secure? Here are 7 more important tips: <\/p>\n<h3>1. Don\u2019t rely on anti-virus<\/h3>\n<p>Many consumers (and even some businesses) wrongly assume that security starts and ends with anti-virus software. But, will anti-virus software truly protect your business data from modern cyber attacks? No. Anti-virus is just a small part of the security landscape.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cOnce the trusted umbrella of protection for everyone, anti-virus solutions now provide a false sense of security for most,\u201d says John Thompson, Director, Systems Engineering of <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'ThreatSTOP']); \" href=\"http:\/\/www.threatstop.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">ThreatSTOP<\/span><\/a>. 
\u201cAnti-virus solutions offer credible protection for older issues, but today&#8217;s cyber criminals know this and have adapted. Today, most attacks first seek to disable a device&#8217;s anti-virus. They also disguise its compromised status from the management server so the attack can continue undetected and spread. Companies can leverage anti-virus by adding a complementary layer of non-host based security to block certain inbound and outbound traffic. Simply, by using a continually updated shared intelligence of bad and suspect IP addresses, a firewall can block malware&#8217;s attempts to communicate in real-time. As Gartner reports that &#8220;malware is already inside your organization,&#8221; this strategic approach effectively blocks attacks faster and, should malware find its way onto a device, cuts the lines of communication so the bad guys can&#8217;t &#8220;call home&#8221; and leak data to 3rd parties or damage additional IT assets.\u201d\n<\/p><\/blockquote>\n<h3>2. Keep employees informed<\/h3>\n<p>Your data security is only as strong as its weakest point. For many companies, that point is uninformed employees. While most companies have security policies, not every company makes them accessible. <\/p>\n<p>If you want employees to follow your security policy, ensure that it\u2019s always available (and that they know where to get it). Don\u2019t let ignorance lead to a data breach.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cMake sure all employees are aware of the data security policies,\u201d says Sean Merat, CEO of <span style=\"color: red;font-weight: bold\">Witkit<\/span>. \u201cThere are times when data is compromised simply because an employee is unaware of certain policies. 
When all staff is made aware of the importance of security, and how to safely send information, the chances of a weak link compromising sensitive information significantly lessen.\u201d\n<\/p><\/blockquote>\n<h3>3. Develop a security-first mindset<\/h3>\n<figure id=\"attachment_8117\" aria-describedby=\"caption-attachment-8117\" style=\"width: 236px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/07\/small_2961565820.jpg\" alt=\"photo credit: dierk schaefer via photopin cc\" width=\"236\" height=\"240\" class=\"size-full wp-image-8117\" \/><figcaption id=\"caption-attachment-8117\" class=\"wp-caption-text\">photo credit: <a href=\"https:\/\/www.flickr.com\/photos\/dierkschaefer\/2961565820\/\">dierk schaefer<\/a> via <a href=\"http:\/\/photopin.com\">photopin<\/a> <a href=\"http:\/\/creativecommons.org\/licenses\/by\/2.0\/\">cc<\/a><\/figcaption><\/figure>\n<p>Security must be a company-wide goal. <\/p>\n<p>Your company may have the most comprehensive security guidelines. You may communicate those guidelines clearly to your employees. You may have the best security software. But, it\u2019s all meaningless if you lack one key element: A security-first mindset.<\/p>\n<p>For instance, what if the IT department or the C-level executives aren\u2019t following proper security protocols? What message does that send to your employees? Actions speak louder than words. 
If your entire business doesn\u2019t have a security-first mindset, it will be clear to your employees.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cDevelop a security-first mindset, make it a C-level responsibility and verify with an expert,\u201d says Carl Mazzanti, CEO of <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'eMazzanti Technologies']); \" href=\"http:\/\/www.emazzanti.net\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">eMazzanti Technologies<\/span><\/a>. \u201cEverything that you do relates to data security from backups to business continuity planning to hardware, software, networks and all of the people in the organization. The doer shouldn&#8217;t be the checker. You always need someone that you can trust to come in to guide the data security and continuity planning process. I am continually in touch with the data security space and work aggressively to help my clients make the best security technology decisions.\u201d\n<\/p><\/blockquote>\n<h3>4. Backup the backups<\/h3>\n<p>Data security is more than protecting yourself from attackers. It also involves creating regular data backups to protect yourself against data loss in any form.<\/p>\n<p>But, research shows these important practices go ignored. <\/p>\n<p>For instance,  <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'backup survey']); \" href=\"http:\/\/www.net-security.org\/secworld.php?id=15095\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">this survey<\/span><\/a> finds that 53% of SMBs do not even conduct daily backups. 
<\/p>\n<p><a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'storage study']); \" href=\"http:\/\/www.intronis.com\/cloud-backup-resources\/ebooks-whitepapers\/online-backup-vs-tape\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">Another study<\/span><\/a> finds that over 34% of companies do not test their backups, and of those tested, 77% found that tape backups failed to restore. <\/p>\n<p>Let me ask you a question: How are you backing up your data? Do you watch your automatic backups to ensure they\u2019re working? Are you backing up your backups? <\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cCloud storage is becoming cheaper by the day and reliability is improving,\u201d says David Zimmerman, CEO of <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'LC Technology International']); \" href=\"http:\/\/www.lc-tech.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">LC Technology International<\/span><\/a>. \u201cIt\u2019s a viable option for backups, but make sure you don\u2019t simply move all of your data storage to the cloud. You want redundancy, which means a mixture of cloud and on-premises storage. For the most sensitive data, consider a private cloud and\/or saving information to hard drives that are kept in a locked safe. Cloud data access does rely on internet access, so physical media can still be useful if you can\u2019t get online.\u201d\n<\/p><\/blockquote>\n<h3>5. 
Stage fake attacks<\/h3>\n<figure id=\"attachment_9132\" aria-describedby=\"caption-attachment-9132\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/romans-342413_640-300x168.jpg\" alt=\"photo credit: s2dent via pixabay cc\" width=\"300\" height=\"168\" class=\"size-medium wp-image-9132\" srcset=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/romans-342413_640-300x168.jpg 300w, https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/05\/romans-342413_640.jpg 640w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-9132\" class=\"wp-caption-text\">photo credit: <a href=\"http:\/\/pixabay.com\/en\/romans-romans-legionaries-342413\/\">s2dent<\/a> via <a href=\"http:\/\/pixabay.com\/\">pixabay<\/a> <a href=\"http:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/deed.en\">cc<\/a><\/figcaption><\/figure>\n<p>In the <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'Business Data Secure']); \" href=\"https:\/\/www.mrc-productivity.com\/blog\/2015\/03\/is-your-business-data-really-secure-part-1\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">first part of this article<\/span><\/a>, we highlighted the importance of security training. But, how much of that training will an employee retain?<\/p>\n<p><a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'forgetting curve']); \" href=\"http:\/\/www.learningsolutionsmag.com\/articles\/1379\/brain-science-the-forgetting-curvethe-dirty-secret-of-corporate-training\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">Research shows<\/span><\/a> that within one hour, people will forget an average of 50% of the information presented. Within 24 hours, they have forgotten 70%. In a week, it\u2019s up to 90%. 
No matter how much great information you teach, employees will forget nearly everything. That\u2019s pretty depressing, isn\u2019t it?<\/p>\n<p>How can you get these security principles through to your employees? Here\u2019s one way: Set up fake attacks. Employees will learn key security principles much faster if they experience them firsthand.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cStage fake phishing attacks,\u201d says <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'BestIDTheftCompanys.com']); \" href=\"http:\/\/robertsiciliano.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">Robert Siciliano<\/span><\/a>, Identity Theft Expert with BestIDTheftCompanys.com. \u201cSee who gets duped into clicking a \u2018malicious\u2019 email link by sending staged phishing emails to employees\u2019 inboxes. Of course, the site that the \u2018malicious\u2019 link leads to will be safe. These test emails should contain clues that they&#8217;re not from the alleged sender.\u201d\n<\/p><\/blockquote>\n<p>What happens if employees fall for these traps? Use it as a learning experience.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cDon\u2019t embarrass your employees,\u201d says Siciliano. \u201cDon\u2019t waste time criticizing employees who fall for your pseudo traps. Instead, help them understand why it&#8217;s critical for them to be on guard\u2014the next trap could be the real thing.<\/p>\n<p>Share the details about how to spot a phishing scam. For instance, grammatical and spelling errors in an email are one tip-off it\u2019s probably malicious. 
Also, if the sender\u2019s URL contains an IP address or seems to originate from a domain that\u2019s different from the purported sender\u2019s domain, it&#8217;s most likely not legit.\u201d\n<\/p><\/blockquote>\n<h3>6. Implement systems to track data and user access<\/h3>\n<p>We hear all about data breaches caused by organized teams of hackers in other countries. These types of breaches make the news.<\/p>\n<p>Do you know what doesn\u2019t make the news? The disgruntled employee who steals data on the way out of the company. The user who has too much data access. While often ignored, these are bigger risks to more companies than a coordinated group of super-hackers. As explained below, creating a formal system to track accounts and user access is an invaluable security step.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cOne of the pitfalls I see in many small businesses is no formal system for keeping and tracking critical accounts and passwords,\u201d says Garrett Perks, Principal and Creative Director at <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'EvenVision']); \" href=\"http:\/\/evenvision.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">EvenVision<\/span><\/a>. \u201cHave a system in place to track each account, who has access to it, and how access can be managed.<\/p>\n<p>This becomes especially important if a staff member leaves unexpectedly, or needs to be let go. Knowing what they have access to &#038; how to regain access in their absence is key. Being able to terminate access when terminating an employee is also essential. A disgruntled past-employee can cause serious harm if the employer doesn&#8217;t know exactly what they have access to and isn&#8217;t able to rapidly manage access to pass control to someone else.\u201d\n<\/p><\/blockquote>\n<h3>7. 
Keep all systems patched<\/h3>\n<figure id=\"attachment_7437\" aria-describedby=\"caption-attachment-7437\" style=\"width: 160px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/01\/small_9530886897.jpg\" alt=\"photo credit: archer10 (Dennis) via photopin cc\" width=\"160\" height=\"240\" class=\"size-full wp-image-7437\" \/><figcaption id=\"caption-attachment-7437\" class=\"wp-caption-text\">photo credit: <a href=\"http:\/\/www.flickr.com\/photos\/archer10\/9530886897\/\">archer10 (Dennis)<\/a> via <a href=\"http:\/\/photopin.com\">photopin<\/a> <a href=\"http:\/\/creativecommons.org\/licenses\/by-sa\/2.0\/\">cc<\/a><\/figcaption><\/figure>\n<p>The Open Web Application Security Project (OWASP) is a highly respected online community dedicated to web application security. Their \u201c<a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Inside Link', 'OWASP Top Ten']); \" href=\"https:\/\/www.owasp.org\/index.php\/Top10#OWASP_Top_10_for_2013\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">OWASP Top Ten<\/span><\/a>\u201d list outlines the biggest security vulnerabilities facing modern web applications. <\/p>\n<p>Number 9 on their list: Using Components with Known Vulnerabilities. It\u2019s a common problem. Businesses fail to keep their systems patched with the latest updates, leaving an open door to an outside attacker. <\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n\u201cIt is very useful to set automatic program updates, including operating system updates,\u201d says Vasiliy Ivanov, CEO at <a onclick=\"_gaq.push(['_trackEvent', 'Blog', 'Source', 'KeepSolid']); \" href=\"http:\/\/www.keepsolid.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red;font-weight: bold\">KeepSolid<\/span><\/a>. 
\u201cThe statistics show that unpatched devices are more likely to get hacked as their software has more vulnerabilities, easily exploited by phishers and hackers.\u201d\n<\/p><\/blockquote>\n<h3>Summary<\/h3>\n<p>While this list could certainly go on, the points listed above are some great tips for securing your business data. What do you think? Would you add anything to the list? If so, please feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following best practices for data security? Learn 7 more ways to better secure your data.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"Is your business data really secure? (Part 2) - mrc&#039;s Cup of Joe Blog","description":"Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? 
Are you following b"},"footnotes":""},"categories":[8],"tags":[71],"class_list":["post-9111","post","type-post","status-publish","format-standard","hentry","category-education","tag-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/9111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=9111"}],"version-history":[{"count":8,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/9111\/revisions"}],"predecessor-version":[{"id":14115,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/9111\/revisions\/14115"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=9111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=9111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=9111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}