Today is Data Privacy Day, a global celebration that commemorates the 1981 signing of the first legally binding international treaty dealing with privacy and data protection. It's a great day to evaluate your firm's data security, and consider what you and your co-workers can do to further safeguard your sensitive data.
I'd like to tip my hat to Dwight Silverman, whose blog not only alerted me to Data Privacy Day, but who also offers some excellent advice as to what individuals can do to further secure their private data. You'll find a lot of good material in that article, covering passwords, social media activity, credit reports, and more. Even if you think you're familiar with this information, I'd suggest reading Silverman's piece, as it links to some very useful resources.
One of these resources, in fact, is StaySafeOnline.org. It's powered by the National Cyber Security Alliance, a not-for-profit whose stated mission “is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets.” The website offers a wealth of resources, information, and tips, not just for individuals but for businesses. I used their site as a resource for the rest of the information in this article.
The first step you should take in evaluating your firm's data security is to assess your risk. If you're a small company, you might be surprised to learn that you're at greater risk of getting hacked than a large company. You might think a hacker would consider your firm to be small potatoes compared to the Amazons of the world, but criminals know that small companies can't afford the resources to protect their data that large corporations can – thus making them tempting targets.
And what do hackers do once they break into your company's network? “If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly, create attacks on your customers and work their way around the business ecosystem in other nefarious ways,” StaySafeOnline explained.
After assessing your company's risk, you can move on to making its data (and the data of your customers and employees) more secure. StaySafeOnline offers plenty of advice on that, but one great way to do this is with employee training. Such training should at least include the following five simple tips.
First, make sure your employees know what they are and are not allowed to install and keep on their work machines. Put rules in place – and enforce them. “Unknown outside programs can open security vulnerabilities in your network,” StaySafeOnline notes. As a side note, they can also make computers function less efficiently, which leads to calls to the IT department (and costs valuable time). In a previous job, when I shared an office with an elderly co-worker who didn't understand why she couldn't have whatever she wanted on her computer, I saw this happen more than once.
Second, teach your employees how to follow good password practices. Passwords should be long and contain a mix of upper case and lower case letters, numbers and symbols. Users should change their passwords regularly and keep them private. Until someone comes up with something better, they're still the best way an individual can keep data secure.
Third, make sure your employees know not to open suspicious links in email, posts, tweets, online ads, messages, or attachments. Make sure they also understand that a link isn't necessarily safe just because they know the source; a friend's email account could have been hacked, for instance. Spend some time explaining your company's spam filters and how to use them to your employees, as well.
Fourth, data security covers more than just protecting sensitive information from hackers. It also means preventing the loss of data. Teach your employees to back up their work, and tell them how often they need to do so – or if you do automatic backup at your office, make sure your employees know what they need to do to make sure their important data is saved.
Finally, a computer behaving “strangely” can be a hint that it has been compromised – so “Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer,” according to StaySafeOnline. And remember, no one is totally immune. Back in August, Matt Honan got spectacularly hacked and lost a lot of personal data...and he's a tech blogger, so you know he was doing what he could to secure himself. It could have been much worse, but he noticed his computer behaving oddly, and was able to work with Amazon and Apple to save at least some of his data.