Is your business data really secure?

Joe Stangarone, writer,  MRCs Cup of Joe Blog, March 24, 2015

Summary: With data breaches on the rise, security becomes more important than ever. Is your company (unwittingly) putting your data at risk? Are you following best practices for data security? Learn 7 ways to better secure your data.

They say that “any press is good press.” But, I’d guess that any of those companies who suffered widely publicized data breaches recently would argue with that.

Does it feel like data breaches are becoming more frequent? It’s true. A recent IBM report finds a 12% year-to-year increase in security incidents. What’s worse: These breaches lead to reputation damage, lost productivity, and lost revenue.

With that in mind, let me ask you a question: Is your business data secure?

What steps are you taking to ensure that your company doesn’t make the news for a security incident? Today, let’s focus on that topic. How can you keep your business data secure? While the list could be much longer, here are 7 important tips:

1. Avoid spreadsheet overuse
Let’s start off with one of the biggest threats to data security: Spreadsheets. Many businesses put their data at risk because they rely too heavily on spreadsheets. They store critical business data in spreadsheets. Or, they export data from their business systems into spreadsheets for reporting.

Why is this such a problem? Once your data is in a spreadsheet, it’s vulnerable. What happens when a user shares that spreadsheet with other users? What happens when those users edit the data and share it with others? Soon, you have multiple versions of the same data floating around, beyond your control.

Which version is accurate? How many different spreadsheets exist? Where are they stored? Did any users make a data entry mistake, or somehow tarnish the data? There’s no way to know. How bad is this problem? Studies have found that over 80% of spreadsheets contain critical errors. User groups now exist to warn businesses about the dangers of spreadsheets. If your company still relies heavily on spreadsheets, your data is already at risk.

2. Create password policies
End users have notoriously bad password habits. How bad? According to this annual list of the most popular passwords over the last year, “123456”, “password”, and “12345” top the charts. That’s right. It’s that bad. Without a strict password policy, your employees can unwittingly put your data at risk with weak passwords.

3. Use 2 factor authentication
Now, a strict password policy helps, but it’s just one step in the process. What happens if a hacker gains access to one of your employee’s passwords? How can you protect your data?

Two-factor authentication (2FA) is a great way to combat this risk. It adds a second layer of security to your applications. Rather than identifying users with a single factor (user/password), it adds another identification factor–usually a pin number delivered via sms. This is a great method to add extra protection to your most sensitive data.

4. Monitor user workstations
Here’s another password-related problem: How will employees remember multiple, complex passwords? If you impose strict password policies, users need a way to remember their passwords.

What do they do? Many write their passwords on sticky notes and leave them on their desks–defeating the point of a password in the first place. To combat this, perform periodic security checks on your employee’s workstations.

5. Hold security and awareness training
Hackers aren’t usually the biggest threat to your data security. The fact is, uninformed employees are often your biggest threat. Many don’t understand proper security habits. They don’t realize their actions put the company at risk. It will stay that way unless businesses ensure that their users understand best security practices.

6. Create a good rapport with end users
In some companies, there’s a disconnect between the IT department and the end users. Both sides have an “us vs. them” mentality. The users feel like IT gets in their way, and the IT department feels like users can’t be trusted. The problem is, this disconnect puts your business data at risk.

If end users don’t respect the IT department (or vice-versa), do you really think they’ll respect their security policies? No.

7. Limit data access
Allowing too much data access is another critical security mistake businesses make. They give users access to all of their data. This opens the business up to all sorts of security risks. For instance, what happens if a user decides to copy data to a personal device and bring it home? What happens when a user accidentally deletes data, or enters new data incorrectly?

“One of the most important steps in keeping business data safe is to tightly control access to any sensitive data, and that includes administrators, says Jon Gossels, President of SystemExperts.

Nobody should have access without oversight and logging.

Make sure that every user has the least privileges necessary to perform their job and that every user has his own unique login credentials so that actions can be traced.

If you have computers on-site, make sure they are used only for business (e.g., don’t allow anything to be downloaded or for people to browse the Internet), and make sure you have constantly updated anti-virus software running at all times – and keep those computers isolated/segregated from any other networks or computers you may have.”