If your enterprise doesn’t place a high priority on data security, you are at risk of being victimized by hackers and accidental data exposure. The results of this can be:

  • Financial and Personal Exploitation of Customers and Clients
  • Theft of Corporate Secrets
  • Systems Infected by Viruses and Malware
  • Public Embarrassment
  • Fines For Failing to Follow Regulatory Policy Related to Data Security
  • Loss of Customers
  • Civil Action
  • Loss or Corruption of Data

With 2016 just around the corner, now is the perfect time to review and revamp data security policies, and to see which technologies and methodologies you can use to improve your data security. After all, hackers are certainly working hard to find new ways to exploit your data.

1. Take Measures to Keep Your Cloud Storage Safe

Are you storing data on the cloud? If you are, you are probably enjoying the benefits of easy access, and the cost savings. You are probably also very aware that there is risk to storing data on the cloud, and aware that risk cannot be fully mitigated. However, you can take steps to protect cloud data by taking the following steps.

1. Set a policy that only certain files will be stored in the cloud and that other data will be saved in house or offsite on secure servers. Data that should not be stored on the cloud includes:

  • Personally identifying information about customers, employees, patients, or associates
  • Any information that is required by regulation to be secured
  • Any financial information
  • Passwords
  • Proprietary information and intellectual property
  • Data that is accessed infrequently

2. Use MSSQL Backup and encrypt data for security and integrity and make timely backups of everything you keep in the cloud. Cloud Robot, Acronis and Idera offer excellent software and additional tools to update, backup and keep your data safe on the cloud.

3. Never assume that nothing will go wrong with data stored in the cloud. It will. History knows numerous examples of cloud data breaches.

4. Create a system of backing up cloud data as you would any other data:

  • Encrypt data on your own before uploading it to the cloud or purchase a cloud storage solution that does that for you
  • A security specialist should be consulted before implementing backup and encryption policies or purchasing any solutions

5. Set policy outlining who can access cloud data, and when and where they can do so:

  • Cloud data should never be accessed from public computers
  • Employees should only access data from company approved devices with the latest security patches installed
  • Cloud data should be secured with passwords and multi-factor authentication
  • There should be systems in place to track who accesses, changes, deletes, or adds data to files in the cloud.
  • Only employees who need access should get access

2. Hire an Ethical Hacker to Get a True Picture of Your Data Security Weaknesses

An ethical hacker is an individual who hacks into a company’s files in order to expose weaknesses in the areas of building security, company policy, employee awareness and education, antivirus and firewall protection, and pc and network configuration.

Ethical hackers are hired by internal auditors who do not inform anybody else in the organization that somebody will be attempting to breach security. This makes it easier to identify potential security weaknesses within the organization. They utilize a variety of methods to gain access. They use pretext calling and emailing to get employees to willingly divulge information that can be used to access systems. They access work areas when employees or gone, and search for passwords under keyboards. They use password-cracking software to attempt to access computers. They convince employees to give them access to secured areas, or to download software that records keystrokes or disables security software.

It is very rare for an ethical hacker not to find at least one way to gain access to sensitive information. The things learned from this type of an audit can be painfully embarrassing, but they also provide a great amount of knowledge on which to build a data security policy that actually works. Occasionally, they also reveal individuals within an organization who are maliciously working against the company’s best interests.

3. Tighten up Your BYOD Policy

Bring your own device, or BYOD has its benefits. The company saves money on hardware, and workers use devices and operating systems that work best for them. This increases efficiency, job satisfaction, and productivity.

On the other hand, if employees are given completely free reign, your data is at risk. If one person downloads a piece of malware or fails to keep their OS upgraded, everything they can access on your servers or on the cloud is in danger. Fortunately, you can give your employees device flexibility while also maintaining data security.

Here are a few suggestions:

  • Consider replacing BYOD with CYOD or COPE (Choose your own device from a list of approved devices, or use a company provided mobile device)
  • Use enterprise mobility management and app virtualization for device independent access to software and files
  • Set policies outlining who can or cannot BYOD, how devices will be audited and updated, and which devices will be allowed under the BYOD policy

What are your data security plans for 2016?