We all know that keeping data secure is important. To be careless is to put all of your sensitive company and personal information up for grabs, making your business vulnerable to data breaches and putting you and your employees at risk for identity theft.
And yet when it comes to data security, far too many of us are guilty of throwing caution to the wind. How guilty, you ask? Shockingly.
You may have heard about the US secret service agent whose laptop was stolen out of her car.
But did you hear about the data breach at Boeing, where personal information for 36 THOUSAND employees was leaked unintentionally by an employee who emailed the spreadsheet to his spouse at home for help with formatting? True story.
And then there’s the Snapchat breach, where a phishing email appearing to be sent from the CEO asked a staff member for payroll information for over 700 employees— and got it. Initially, no one realized it wasn’t a legitimate email, and the requested information was provided. How’s that for frightening?
Employee error is real. And real scary.
According to a study by the ACC Foundation, the number one cause of company data breaches isn’t a misfit team of hoodie-wearing hackers. It’s a little thing called employee error.
Employee error can include things such as:
- Weak passwords
- Unintentional leaks
- Falling for phishing scams
- Lost or stolen laptops, tablets, or cell phones
- Improper storing or disposal of confidential paperwork
That’s a lot of error, a lot of compromised information, and a whole lot of risk. So what can you do?
Every company is different, but here are some expert/industry suggestions worth considering:
Provide regular all-staff trainings
Your IT department may be knowledgeable about these issues, but do your employees know the risks associated with lax data security practices? If you don’t tell them, you can’t be surprised when they don’t know.
- Create a culture of security.
- Teach your staff how to create good passwords, spot suspicious emails, and secure electronic and hard copy and data.
- Train from the top down, and do it often.
Technology changes quickly, so this isn’t a one and done adventure. Commit to keeping everyone up to date, all the time.
Put your policies in writing
Telling the team isn’t enough. Take the time to properly document and enforce your security policies.
- How is data to be handled, stored, and disposed of?
- Where is information kept and who has access to what pieces?
- Be clear about permissions, and err on the side of caution. (No need to give that new intern access to your entire drive!)
Update your storage and disposal procedures
Never assume your data is safe, or that everyone who walks in your door is trustworthy.
- Lock file cabinets and shred bins.
- Make it clear what kinds of documents can be recycled vs. shredded.
- Set up offices so that computer screens aren’t visible to everyone walking by.
- Think twice about Bring Your Own Device policies and the use of USB drives.
- If you use portable devices, make sure data is encrypted and that you have remote wiping capabilities in case they are lost or stolen.
Think of your old computers and devices as disgruntled exes. Just because you’re moving on doesn’t mean they can’t come back to haunt you. When it’s time to let go of old computers and devices, make sure to wipe the slate clean.
Use technology wisely
Technology is a double edged sword. Make sure it’s working for you and not just against you. There are lots of tech solutions out there to help you thwart potential technology mishaps.
- Keep your software updated.
- Use SPAM protection and email filters.
- Monitor network, Internet and email activities.
- Consider using two factor identification.
Don’t let data security be something you learn about after the fact. Start with the easy changes (new password, anyone?) and work your way up to the bigger stuff. Before you know it, you’ll be on your way to more secure data. And less lost sleep.
At Raffa Financial, we provide long-lasting benefits strategies to take care of your business and your employees. Located in Rockville, Maryland, we identify and manage complex employee benefits challenges for businesses all over the greater Maryland, Virginia and Washington, DC area.
Photo by garloon