[vc_row][vc_column][vc_column_text]Amid growing concerns about cybercrime, consumers are demanding stronger privacy protections for their data. Organizations must be prepared to protect individuals’ personal and confidential data; however, developing a strong cybersecurity strategy poses a multitude of challenges for many companies.
Cyber attackers target companies of all sizes, but small businesses may be the most vulnerable. According to Symantec’s 2016 Internet Security Threat Report, attacks against small businesses (250 or fewer employees) have been steadily increasing, and now comprise 43% of all attacks 1. Why would hackers target small businesses when they likely have less data then larger ones? Well, the reason is that small businesses often lack the resources and in-house expertise needed to implement a robust security plan.
Regardless of where your company’s security strategy currently stands, it is important to regularly reassess how it stacks up against the constantly changing cybersecurity environment. International Data Privacy Day, January 28th, presents a great opportunity to evaluate and improve your company’s security plan. The following 5 tips will get you started on the path to improved data privacy:
1. Limit access to data
Permissions should be assigned on a “need-to-know” basis. By making permissions as restrictive as possible, you are reducing the number of people who could compromise data integrity through unauthorized changes or deletions. Don’t forget to remove permissions as part of the offboarding process when employees leave the company to keep your permissions directory up-to-date and your system secure.
2. Improve network security
Make sure your firewall and antivirus programs are comprehensive and up-to-date. If your company has a bring-your-own device policy, extend these protective measures to all of the devices in your ecosystem.
3. Disaster recovery plan
Backups are important so that you can recover data easily if an attack does occur. Regularly perform backups, and store them in a secure location. In the event of an attack, you should be prepared to further ramp up security. Reassess your security gaps, and develop a plan to head off future attacks.
4. Data lifecycle management
Identify how long you will store data and how you will securely destroy outdated and obsolete data. Don’t forget to inventory any data that is stored in paper files, as physical documents are still at risk for being compromised, lost, or stolen. If you are in the process of moving to a digital document management system, have a plan for how to deal with the original paper copies once they have been migrated to the digital system.
4. Mitigate human error
Data breaches are not limited to outside attacks; many are caused by simple human error. The loss of an unencrypted device or an accidental data leak could pose just as much of a threat to data privacy as a team of hackers. Prevent errors by educating employees about security protocols, as well as by implementing safeguards that make it impossible or at least difficult to make costly mistakes.