« »

Tuesday, May 13, 2014

Don't be a Target: 4 lessons learned about data security

By Josh Anderson

Business data security
 Cyber criminals do not have businesses best interest in mind
Lately many large retailers have become victims of data breaches. Target's point-of-sale payment system was hacked and over 110 customers Payment information was lost. This left many customers insecure, and Target is still dealing with the fallout.

In order to prevent a similar breach, it is important to learn from our mistakes. Each day hackers are busy improving their skills so that they can break into your systems, so you have to be on the run to avoid being a victim. Below are 4 ways to include your team/ family members in the defense of your business or team.

1. Security: Hire a security team. Then, make sure that you involve them in your decision making. Let them know when you're about to get any new equipment and servers, and how you plan to use them. The security team's job is too keep you informed about how to manage your property and how to increase security.

Security talks can be scary but part of their job is to keep you informed about the risks, but don't be worked this will only increase your security.Target ignored alarms that could've made them aware of the breach sooner, don't make that mistake.

2.  Include everyone in the security team: You must understand that everyone is a member of the security team. Everyone in your business should be in the front line to ensure security. A good example is having different passwords for your accounts. Otherwise, when a person gets access to to one of your password they have access to all your other passwords as well. 

The most effective way to encourage your team to make wise decisions based on security is by educating them. Invest in them and train them, this might look like a waste of resources but you never know how important it is until your data breach makes news and cuts into your revenue. 

3. Involve your venders. Everyone who gets onto your premises can either help you with security or make you less secure. This comprises of people who have access to your home or business both physically and electronically. You have to ensure that you have a list of all your vendors, and what they the services they offer you. You have to find out about everyone who supplies to you, and who comes to your office or your business.   

Apply the same measures electronically. For instance, if an outside vendor communicates via your network assign different login information to every person instead of a single login for the vendor company. Also make sure that you limit the amount of information that each vendor can access and that they only access the information that is relevant to them.

4. Risk management: It's almost impossible to eliminate risk but it's important to understand it. Risk assessment is mandatory for your company or house. The main basic foundation of risk management is identifying weaknesses and identifying where to apply protective measures. You can hire a specialist who will assess all your risk for instance, what could go wrong, how it could happen, the financial risk that can be caused and present you with a report. This report will help you in deciding which areas you need to spend your time on and what are the problems you're likely to encounter.

Cyber criminals want you to be careless, whether you're an individual or business owner. Don't play their game. The risk can be mitigated, but it's important that you to understand what puts your data at risk and how to go about protecting it. Your business ultimately depends on it. 

About the author: Josh Anderson is a computer security consultant with over 15 years experience. While mistakes happen, there are lessons to be learned. Josh understands that lax security can prove costly for all involved, and strives to help businesses and individuals alike protect themselves. 

Image license: ThePlaz, CC BY-SA 3.0