Digital hacking years ago, used to be more about the pride and ego associated with cracking into a business. Today, hacking is much more of a sinister practise and usually revolves around stealing money from someone in some shape or form. A hacker might work alone, or a network of hackers might work together to complete an online security breach. Digital criminals will constantly be looking out for data to steal. Maybe it will be protected documents or financial documents, it might even be sensitive information or data used for bribery. All private data is valuable in some shape or form and can be used in many different ways. A hacker might sell the data, use the data to steal money, hold the data to ransom, release the data to damage the company – there are endless ways a digital criminal is able to abuse data they have stolen to make a gain.
The most common ways data is breached are:
This is where a hacker will purposely attack a data system, or a person’s individual data, usually trying to get the most sensitive data that is available. Theft may not always be completed by a hacker or an established criminal but could be completed by a former employee, someone who has something against the person or business they are stealing from. More often than not, the theft is completed in order to steal money, whether that is from selling the data, bribery or other means.
The release or exposure of sensitive data can come from loss. Devices left behind in coffee shops or airports, or even portable data storage being left somewhere: all of these mistakes make for easy data theft.
If a company does not have strict strategies and procedures in place to ensure all possible data breaches are avoided, mistakes can happen. Perhaps the old company computers were sold without anybody thoroughly erasing the data on them, or older hard drives are moved on. It isn’t hard for anybody to use a few tricks of the trade to retrieve old data from a device. Systems where the encryption isn’t strong enough or the password protection isn’t good enough, leave a system open to criminals. The paper that isn’t properly destroyed when businesses go paperless is also wide open for theft.
Activities completed on a computer system from any device can leave data open to theft. Removing data, sending data, encrypting data; handling sensitive data leaves it open to theft. Different programmes and systems may not offer full protection of a document during its movement.
Securing Your Business Data
Unfortunately, there are many different ways to have your company’s sensitive data fall into the wrong hands. For most businesses, the implications of a breach are terrifying. A mild breach could cost thousands to fix, a large breach could end the company. There’s nothing dramatic about it, data security breaches are a huge risk and need to be taken seriously. A U.K government study from 2016 showed that two-thirds of businesses have experienced a data breach within the last year, and yet only 50% of businesses in the study have done something to spot and deal with vulnerabilities, only a third had a proper cyber security policy in place, and only 10% had a cyber incident management plan.
Your business does not need to become part of shocking statistics used to warn others. Your company story does not need to be one of the lessons learnt, you can act now to secure your business data.
Here are 8 ways to secure your business data:
1. Make sure that employees are fully trained on looking out for potential security threats. For example; they understand what a suspicious email or link looks like. Make sure there is a clear plan in place for them to follow if they do spot anything suspicious. The UK government cyber-security report for 2017 stated that the most common cyber-security breaches related to employees receiving fraudulent emails. Employees should understand how vital they are in keeping the company secure, especially when it comes to human error.
2. Consider investing in a security audit. Even if you think you know which parts of your business are vulnerable to a security breach, having somebody qualified and external to the company who is knowledgeable about the latest, sophisticated threats on company data will give you an invaluable insight into how your company is vulnerable. Have your entire IT infrastructure looked at, including all devices, so that you can be clear on what needs doing to keep thieves well away from your data.
3. Ensure that all passwords used are very strong, and ensure there are plenty of them as well. This sounds so simple, but passwords can often be something completed without much thought. A simple password is created, that the person thinks is ideal as everyone can remember it, only it is extremely easy for the hacker to guess, and before long they are into your system. Complex passwords are much more effective because hackers won’t be able to guess it, and they won’t be able to use something called a dictionary attack where a tool tries words and numbers together to crack a password. There should also be several passwords, not just one. In all instances, passwords should never be written down, and if they are shared on a network that network should be extremely secure.
4. Encrypt data wherever you can. It is an invaluable security tool to use and protects data if it is stolen.
5. Ensure all data is backed up so that if you lose it, you have a way to access it. For example; if data is stolen and encrypted, the hacker can’t use it but neither can you if you don’t have a backup.
6. Ensure there are clear policies in place and that those policies are communicated. Often companies will have a clear set of security policies in place, but the poor communication of those policies means there are gaps in security. For example; it is a policy that no secure data is provided over the phone, only there have been several new members of staff employed in department A, and they have been trained on how to use the phones before they have been trained on security, so they are already giving out secure information in their first few days on the job. Another example might be where a new policy is created and the memo was sent out whilst the receptionist was on holiday, she ignores the email when she gets back and so she never knows about the new policy. Ensuring that all staff have to sign a memo, or setting a confirmation emails have been opened and by who, are great ways to ensure staff know about policies. Having a training system for new staff where they cannot do certain actions until security training has taken place, is another great way to avoid policies being ignored or bypassed.
7. Check that any members of your team that are remote or mobile are also protected. These members of your team are more likely to work on open networks in coffee shops, at airports and in public spaces. This leaves data wide open for theft, so protocols and procedures need to be well thought out to ensure data stays safe wherever and however your workforce access it.
8. Use multi-technology in all cases to protect against all types of potential data threats. Hackers are a major threat, but viruses affect even more businesses than hacks do, and they can have devastating effects. In May this year, one of the biggest cyber-attacks to ever take place affected industries all over the world. The ransomware infection, called WannaCry, managed to infect systems in 99 different countries. The ransomware worked by demanding hundreds of dollars in Bitcoin to unlock files on each individual computer. Banks, public health services, telecoms companies and utility companies were just some affected. The virus was incredibly sophisticated, managing to find vulnerable computers and infect them and relying on tricking people into opening innocent-looking attachments at which point the program would spread into the computer. This attack alone cost many companies in many industries a lot of money and caused massive disruption. Prevent your company from falling victim to a sophisticated attack like this using multi-technology protection and the help of experts, including ransomware and cyber security experts.
Securing business data is not easy, and it is a constant battle. However, business is increasingly moving online, and threats are only becoming more and more sophisticated, so it is simply something you need to do if you want your business to survive this digital age.