Data is the lifeblood of your organization, and a data breach is one of the most dangerous and costly attacks your business could face. Enterprise Strategy Group estimates that just one record breach costs a business up to $150, and you can rest assured hackers don’t just steal one record. Coupled with a loss of customer loyalty, damage to reputation, lawsuits, and legal fees, most small and medium sized businesses simply can’t afford to have their data breached.
So what should you do?
Familiarize yourself with your network
Identify your business’s critical systems, and monitor any vulnerabilities that can allow access to your sensitive data. For example, a hacker can spot an open port in a misconfigured firewall and breach it, easily gaining access to your network and your information. Everything from rogue access points to botnet malware to misconfigured routers act as an open door for hackers.
Be wary of internal threats
Employees with access to your sensitive data know that data’s worth. There are plenty of cases where database or file server admins have been caught selling their employer’s data, and the number of internal data thefts are on the rise. Monitor your employee’s workstation logs for information regarding their activities, such as non-compliant folder sharing and unauthorized software installation.
Mitigate your business’s risk of data theft by defining clear policies addressing unsafe behavior. Something as innocuous as an employee using their own USB to transfer data can prove a threat, so it’s important to ensure your employees understand the policies you set.
Ensure your file transfers are secure
Free services like Dropbox pose a couple of threats to businesses, namely that files are sent without encryption, users have no control over transferred files, and options like session auditing are practically nonexistent. Opt for a secure managed file transfer server and set policies that define how your employees can transfer files.
Too many businesses treat compliance as a box to be checked, whether it’s HIPAA, SOX or PCI. Regulations like these are put in place to protect confidential information and prevent data loss. Rather than simply focusing on just passing an audit, work to put effective controls in place.