You need to care about your data security.
In 2018 Australia was in the top 5 most breached countries in the world. We had the 7th highest number of exposed records. That’s an unbelievable amount of confidential data hacked. Not only that, but it takes on average 197 days for an organisation to realise its data has been breached. That’s a lot of time and a lot of damage.
Don’t worry, we’ve got you covered. Here are our 9 best ways to prevent your data from being hacked, so you can stay safe this new year.
1. Keep hackers from tricking your employees
User security awareness is one of the best ways to protect your organisation. Every day, 1 in 2 users will receive an email with malware.
On top of that, hackers trick employees into giving them access to your data (this is known as Social Engineering). They can send fake emails from CEOs, place infected USBs in places employees can easily grab and MUCH more.
By training your users in data security you can stop them from jeopardising your data.
Here are a few strategies for educating users. Remember, you should be creative and consider what type of employees YOU have.
- Send fake phishing links to employees that redirect them to a test on how to avoid phishing/malware links
- Have training meetings about data security and how hackers can trick employees into giving away data.
- Create videos for employees to watch about IT data security
2. Create a Data Security Policy
Keeping your data safe starts with a policy. Create a policy that ensures the safety of your data, and embed it in your culture. It is important not only to create a security policy but also to enforce it, whether through constant meetings, fines/rewards or systems (these range anywhere from Group Policies to physical security to new systems/solutions).
Remember to hold suppliers and vendors to these rules. They have YOUR data and they too must act with care.
These are a few examples you can include in your Data Security Policy:
- Constantly change passwords
- Minimise use of external hard-drives to carry confidential data – this way people are less likely to lose confidential information and they won’t accidentally use
- Report Malware – A system where employees can easily report malware when they come into contact with it.
- Make people accountable for the sites they visit – make them sign in to visit untrusted sites
3. Clean out malware before your employees can get to it
There’s always a chance an employee accidentally clicks on malware. That’s why you must block malware websites before your employees can get to them. This can be done through web filtering and firewalls, which can block potentially harmful sites. There are third-party solutions that can help implement this in your organisation.
As a bonus, they also allow you to control access to non-work-related sites so your employees don’t get distracted.
4. Vulnerability Assessments
Consistent Vulnerability Assessments can help you find areas where your security is flawed. These flaws can be exposed and cause a data breach, so it is important to address them ASAP.
This sounds like a lot of technical work. And it is. But this is the basic framework for any vulnerability assessment:
- 1. Assess your business
This is where you identify the risk and importance of each device on your network. From there locate any software applications and data used anywhere in your business.
- 2. Identify vulnerabilities
After assessing your business you will easily be able to go back and identify vulnerabilities by considering your devices and software applications against your risk tolerance, risk mitigation practices and the business impact of these devices.
- Scan each server that runs your software application and your network to find any vulnerabilities. If these servers and networks are not protected, they will leave you wide open to cyber attacks and data breaches.
- Find all hidden data sources that will allow easy access to secure information.
- 3. Fix vulnerabilities
From here you should have areas you can work on. First, you must identify whether the service that the device/application provides is useful to your company; if it isn’t, get rid of it. You must also consider whether the cost of fixing the flaw is justified by the impact it can have on your business if left untreated.
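The three steps above can be turned into a repeatable triage routine. The following is an added example, not code from the original article: the 1 to 5 scoring scales, the tolerance threshold, the action labels and all sample assets and findings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    importance: int   # step 1: 1 (low) to 5 (business-critical)
    in_use: bool      # step 3: does the business still need this service?

@dataclass
class Finding:
    asset: str
    issue: str
    severity: int     # step 2: 1 (minor) to 5 (critical), e.g. from a scanner
    fix_cost: float   # estimated cost of the fix
    impact: float     # estimated business loss if the flaw is exploited

def triage(assets, findings, tolerance=6):
    """Return (risk, asset, issue, action) tuples, highest risk first."""
    inventory = {a.name: a for a in assets}
    plan = []
    for f in findings:
        asset = inventory.get(f.asset)
        if asset is None:
            # A finding on a device nobody listed means step 1 missed it;
            # assume worst-case importance until it has been assessed.
            plan.append((f.severity * 5, f.asset, f.issue, "add to inventory"))
            continue
        risk = asset.importance * f.severity
        if not asset.in_use:
            action = "retire service"   # not useful to the company: remove it
        elif risk <= tolerance:
            action = "accept"           # within the stated risk tolerance
        elif f.fix_cost <= f.impact:
            action = "fix"              # the fix costs less than the breach would
        else:
            action = "review"           # fix costs more than the impact: needs a decision
        plan.append((risk, f.asset, f.issue, action))
    return sorted(plan, key=lambda row: row[0], reverse=True)

# Constructed sample data
ASSETS = [Asset("payroll-db", 5, True), Asset("old-ftp", 2, False), Asset("kiosk", 1, True)]
FINDINGS = [
    Finding("payroll-db", "missing OS patch", 4, 2_000, 250_000),
    Finding("old-ftp", "anonymous login enabled", 5, 500, 40_000),
    Finding("kiosk", "outdated browser", 3, 300, 1_000),
    Finding("test-nas", "default admin password", 5, 100, 80_000),
]

if __name__ == "__main__":
    for row in triage(ASSETS, FINDINGS):
        print(row)
```

The unlisted `test-nas` device sorts to the top because a system missing from the inventory has never been assessed at all.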
5. Prevent intruders invading your network
If hackers or other unwanted people enter your network your data will be compromised. There are 2 steps to prevent this:
- 1. Intrusion Detection: Monitor your network, checking for any signs of abnormal activity.
- 2. Intrusion Prevention: This follows intrusion detection and stops any potentially harmful incidents from occurring.
If you want your data to stay secure, this step is a must.
6. Restrict data permissions
The more people who have access to private data, the greater the chance that it can be hacked or leaked. Keep your data safe by giving people access only to what they need. That way, if there is a breach through an employee’s account, the intruder can reach only the limited set of files that account was allowed to open.
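One way to check this is to compare what each account can actually reach through its group memberships with what its role requires. This is an added example, not part of the original article: the group names, users, folders and role requirements are all constructed.

```python
# Constructed sample data: which folders each group grants, who is in which
# group, and which folders each person's role actually requires.
GROUPS = {
    "all-staff": {"handbook", "payroll", "customer-records"},
    "finance": {"payroll", "invoices"},
    "sales": {"customer-records", "quotes"},
}
MEMBERS = {
    "alice": ["all-staff", "finance"],
    "bob": ["all-staff", "sales"],
    "carol": ["all-staff"],
}
NEEDS = {
    "alice": {"handbook", "payroll", "invoices"},
    "bob": {"handbook", "customer-records", "quotes"},
    "carol": {"handbook"},
}

def effective_access(user, members, groups):
    """Union of every folder granted by any group the user belongs to."""
    access = set()
    for group in members.get(user, []):
        access |= groups.get(group, set())
    return access

def audit(members, groups, needs):
    """Per user: folders reachable if the account is breached, before and
    after trimming, and which group grants each unneeded folder."""
    report = {}
    for user in members:
        have = effective_access(user, members, groups)
        need = needs.get(user, set())
        excess = {
            folder: sorted(g for g in members[user] if folder in groups.get(g, set()))
            for folder in have - need
        }
        report[user] = {
            "reachable_now": len(have),
            "reachable_after_trim": len(have & need),
            "excess": excess,
            "missing": need - have,
        }
    return report

def exposure(folder, members, groups):
    """Every account through which a given folder could be reached."""
    return sorted(u for u in members if folder in effective_access(u, members, groups))

if __name__ == "__main__":
    for user, row in audit(MEMBERS, GROUPS, NEEDS).items():
        print(user, row)
    print("payroll reachable via:", exposure("payroll", MEMBERS, GROUPS))
```

In the sample data every excess grant traces back to the catch-all `all-staff` group, so narrowing that one group shrinks the reachable set for every account at once.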
7. Consistently patch your systems
Developers regularly provide patches and updates for their applications and computer systems. These patches can often provide your systems with more security. If you decide not to patch your systems, it will leave your data vulnerable.
Be warned: patches must be administered thoughtfully. This is known as patch management, as patches must be used appropriately for different systems, installed properly, tested and more.
8. Encrypt your data
This one’s simple. Private data should always be encrypted. This means data can only be opened by selected users. This along with restricted data permissions will increase your IT data security tenfold.
9. Back up your data
This won’t prevent your data from being breached, but if your data is hacked it makes recovery easier. For instance, imagine all your data is infected with malware and you get locked out. The only way you can get it back is if you pay money to the hackers. If you have a backup, you don’t have to fork out a lot of cash to save your data.
This example is known as ransomware and alone has caused 1 in 5 affected SMBs to shut down. PLEASE back up your data. It’s a must.
Bonus tip: If you are not on the cloud, you need to be. Not only does the cloud provide more safety and security for your data, it is just more convenient.