How To Prevent A Data Breach (for small companies)

2 posts / 0 new
Last post
Anonymous Visitor
How To Prevent A Data Breach (for small companies)

Most companies do their best to prevent a 'data breach' and having their customer's information stolen and posted on the "dark web" (new buzzword alert!) ... Big companies spend millions on security but small companies may struggle keeping their data secure.. Here are some tips based on my experience working at a small (about 500 employees) company that suffered a data breach.. I wont post any details on how our data was stolen, but just a few things to think about in your security planning.

Our online customer portal was bullet-proof and locked down perfectly.. We spent all of our IT budget making sure that the system was as impervious to hackers as possible.. yet, we still had a data breach.. here is what we DIDNT focus on, one of which lead to a simple data breach (the others we learned post-hack):

1) BACKUPS! Where and how do you store your data backups? If you store your backups electronically, online somewhere, is THAT system secure? Is the data itself encrypted? The same with physical (tape, thumdrive, etc) storage - where is it? who has access to it? Is it encrypted ?
2) PAPER COPIES! Do you have any data that is printed? If so, where does that paper go after it's reviewed? Laying around anywhere for anyone to find? In the dumpster where someone can find it? Consider a policy of shredding all paper data and/or a using a secure on-site paper shredding service
3) PEOPLE! The biggest source of data-breaches.. Who has passwords to your data? Is the system they use secure? Could someone social-engineer them into installing a keylogger or some other back-door on their PC? Can they access your data & systems from home using their personal computer which probably has zero protection?
4) PASSWORDS! Are you using strong passwords? Are you using passwords that are SO strong users are forced to write them down on yellow-stickies and paste them to their screen? How are your users storing their passwords? Are you requiring password changes every 30, 60, or 90 days?

There are more ways that your data can be at risk but those are some of the common ones that came up in our post-breach audit.

   

   

AnonyMan
Re: How To Prevent A Data Breach (for small companies)

#3-People... There's the biggest security whole in the entire system...
Get rid of them all and the problem goes away!

Add new comment