Sensitive company data, sales reports, files containing negotiating tactics, customer lists, trade secrets, strategic documents, financial information, and intellectual property are all reported stolen by companies. The 2015 Cost of Data Breach Study: Global Analysis report by IBM and Ponemon Institute pegs the average total cost of a data breach to participant companies at $3.7 million.
A survey by Biscom, provider of secure communications software, shows that one in four employees admitted to taking data when leaving a company. About 95 percent of respondents said that it was possible to take data, because companies did not have any foolproof technology or policies in place to prevent theft.
Data breaches and customer data theft lower brand value and erode customer trust. The price that companies have to pay is very high when a high-profile data breach, like that at Ashley Madison, takes place at their company.
Here are a few tips to ensure data security and prevent data theft at your company.
1. Set a Strong Data Security Policy
A strong and comprehensive data security policy will ensure that employees, contractors, and vendors are aware of your commitment to confidentiality and privacy of company and customer data.
A comprehensive data protection plan has three parts: primarily two policies and one procedure.
Companies must put in place an Acceptable Use Policy that outlines how company assets – including data and information – are used. Copying and sharing of files and other information should be strictly monitored. The use of software programs or computer hardware that significantly compromises company security should be strictly prohibited.
A Data Classification Policy will help companies have control over the vast amounts of data stored in servers and networks. This policy aims at classifying all company data, categorizing the information, and deciding how long particular data should be retained. All departments will have to be equally involved in this process and carry out classification and categorization of data. This also allows companies to chart out methods to protect and control sensitive data.
You should have a streamlined and well-documented procedure to properly handle computers and other mobile devices that new employees will use at work.
There should also be strict protocols governing the decommissioning of systems, because computer forensic evidence will not be acceptable in a court of law against an employee who has stolen data if the IT department has significantly altered the computer after his/her departure. You will also require the services of an experienced employment attorney in Dallas to further help you in legal proceedings.
A strong data security policy will make everyone in your organization aware of the rules, and will also make it easier for employees to spot malware or suspicious activity and report it.
2. Manage Your Passwords
Employees will be accessing accounts and networks that require them to sign in with passwords. Educate employees about the need to have a strong password and unique username. They should also be advised to change passwords frequently, or at least every three months.
Also, remember to encourage employees to adhere to the rules on their own. Forcing them to change passwords may prove counterproductive. Cyber security needs employees to play a proactive role.
Sensitive data that employees need is often stored on central networks which can be accessed by logging in. If your employees access highly sensitive data from remote locations, it will be helpful to have two-step authentication. Once the employee logs in, you can send a credential to a designated device that the employee owns. Access can be confirmed only upon entering the credential. This two-step authentication system will ensure that even if your employee’s device gets stolen, sneaking into your network will be difficult.
3. Ensure That Security Software and Applications Are Updated
The biggest threat to your network security lies in the devices that your employees, both in the office and remote, use. Ensure that computers, laptops and other mobile devices that employees use do not become entry points for malware.
Enforce strong policies that will enable your remote employees to use their computers safely. Problems arise when employees surf sites, or install apps or programs, that infect their devices. When these devices are connected to the corporate network, there is a strong possibility of the infection spreading to everything else.
Up-to-date anti-virus software on all devices joining your network is a must.
Install web protection software to prevent employees from browsing sites that are known to be dangerous or are suspicious.
Operating systems and application software on devices that are used at work should have the latest security patches. Very often, companies overlook updates issued by software vendors, leaving their systems vulnerable to infestations by malicious software.
Data theft has grown to be one of the biggest threats that businesses face today. Leaking of customer profiles, siphoning off funds from corporate accounts, stealing customer credit card data, exposing top-level corporate mails and discussions, and baring intellectual property all comprise data theft. You can never close all loopholes because the Web is vast, deep, and secretive. But, with the right safety procedures and protocols, you can make hacking into your network and systems very difficult, if not impossible.
Elizabeth Stepp is Senior Counsel at Oberheiden Law Group PLLC, one of the leading criminal law firms in Dallas, Texas. She graduated from the prestigious Yale Law School. She has much experience in dealing with financial services litigation and professional malpractice cases.