Best Practices for Data Security Compliance: Ensuring Safety for Your Business and Staff
Contrary to many TV shows and movies, most data hacks aren’t solely the work of a computer mastermind. One of the biggest risks a company faces is from those employees who have access to sensitive information like customer records.
While some data security incidents can be caused by a disgruntled employee who maliciously steals and/or releases the information, two of the most common causes of data hacks are an employee accidentally releasing malware into your system and third-party businesses and partners who compromise the data.
According to a 2017 Dell survey, nearly half (45%) of employees engage in some amount of unsafe behavior during the workday. These actions can include connecting to unsafe Wi-Fi or using a personal email account to access confidential work, and losing a company work device.
Data Security Strategies to Safeguard Your Organization
After all this, it might seem like a foregone conclusion that a data hack is imminent for your company. While no company should consider itself immune from one, there are a number of steps and safeguards organizations can implement to protect themselves from cyber threats. These include having a formalized data security policy and incorporating data security best practices into your employee onboarding and ongoing training.
Common Tips for Phishing Prevention
According to Symantec’s 2017 Internet Security Threat Report, email remains the most common entry point for malware into an organization. Some of the most common “tricks” hackers use that employees should look out for include:
- Dangerous attachments and links – particularly invoices: One of the ways hackers are most successful in gaining access to a company’s network is by sending employees emails with fraudulent links or attachments that appear to be about important business matters – most commonly, invoices. That’s no surprise: no one wants to be late on an invoice. However, these often include an .exe file that runs a program designed to give a hacker remote access to the computer.
- Slightly “off” email addresses: The general rule of thumb is to only open messages from known contacts. So, naturally, hackers are now attempting to have their messages appear to be from someone the recipient already knows or a seemingly reputable organization. They’ll do so by changing a letter or adding a hyphen to the email domain. For example, an email domain may normally appear as “@companyname.com,” whereas the fraudulent version would appear as, “@company-name.com.” If the tone or content of a message appears off, look to see if the email address is a fake one.
- “You’ve been hacked” popup: Another common trick is popups alerting a person of a hack. They look and read like an official warning, urging the user to either click on a link or install a program to resolve the problem. What this really does is give a hacker access to the computer, and subsequently, the network to which it is connected.
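The first two tips can also be enforced automatically at the mail gateway or in a reporting tool. The following Python code is an added example, not part of the original post: it flags sender domains that differ from a trusted domain only by hyphens or a single character, and attachments ending in .exe. The `TRUSTED_DOMAINS` list, the function names and the sample messages are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the organization really corresponds with (constructed).
TRUSTED_DOMAINS = {"companyname.com"}
# The post names .exe; extend this tuple to match your own attachment policy.
RISKY_EXTENSIONS = (".exe",)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if it is clean."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Added or removed hyphens: company-name.com vs companyname.com
        if domain.replace("-", "") == trusted.replace("-", ""):
            return trusted
        # One changed, added or dropped character
        if edit_distance(domain, trusted) == 1:
            return trusted
    return None

def review_message(from_header, attachment_names):
    """Return a list of findings for one message (empty list means none)."""
    findings = []
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    for name in attachment_names:
        # endswith also catches double extensions such as invoice.pdf.exe
        if name.lower().strip().endswith(RISKY_EXTENSIONS):
            findings.append(f"executable attachment: {name}")
    return findings

if __name__ == "__main__":
    # Constructed sample message
    print(review_message('"Accounts" <billing@company-name.com>', ["Invoice_0423.pdf.exe"]))
```

A single-character threshold keeps false positives low but misses substitutions that span two characters, so treat a clean result as one signal rather than proof that the sender is genuine.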
There’s a lot companies and individuals can do to protect themselves from data hacks – much more than we can relay in a single blog post. For a deeper dive into the technological threats around office and employee relocations, see our latest white paper: Big Data, Cyber Threats and Relocation: How to Keep Your Organization’s Data Secure in Times of Transition!