Every business faces certain data risks. Data breaches occur when the wrong people gain access to sensitive information; data loss results from human error, storage corruption and similar failures.
While data risks will never go away entirely, businesses must take steps to mitigate and minimize these risks whenever possible.
Not every data protection measure has to be as comprehensive as a full business continuity and disaster recovery plan, although such plans are very useful. There are many simpler things your business can do to mitigate data risks, including:
Downloading and Installing Critical Security Patches
Keeping the operating system and individual applications up to date with security patches is a key part of mitigating data breach risk. New threats appear every day, but most attacks still rely on old exploits, in many cases for vulnerabilities that have been public for more than a year.
Security patches close these vulnerabilities so that old exploits no longer work, which significantly reduces the risk of a data breach.
Take Some Time to Configure Internal Firewalls
Firewalls are a good tool for keeping unauthorized outside traffic away from sensitive systems, but only if they are configured properly.
Write the firewall rules so that the default is to deny, and traffic is accepted only from trusted local area network (LAN) or virtual private network (VPN) ranges. This is a key strategy for preventing unauthorized access to data.
Any virtual machines (VMs) or servers containing sensitive data should always be segregated behind their own firewall rules, so that a compromise elsewhere on the network does not give direct access to them.
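As an added example (not code from the original article), the following Python script audits a firewall allow list for the mistake the passage warns against: a host holding sensitive data that is reachable from a source outside the trusted LAN and VPN ranges. The rule table, the host addresses and the trusted ranges are constructed for illustration; a real audit would read them from the firewall's own rule export.

```python
"""Audit a firewall allow list for sensitive hosts exposed to untrusted sources.

Added example, not from the original article. The rule table, host
addresses and trusted ranges below are constructed for illustration.
"""
import ipaddress

# Assumed trusted source ranges: the office LAN and the VPN client pool.
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.10.0.0/16"),   # office LAN
    ipaddress.ip_network("10.200.0.0/24"),  # VPN client pool
]

# Assumed hosts that hold sensitive data and must sit behind their own rules.
SENSITIVE_HOSTS = {
    "db-customers": ipaddress.ip_address("10.50.0.10"),
    "vm-payroll": ipaddress.ip_address("10.50.0.11"),
}

# Constructed allow list: (source CIDR, destination address, destination port).
# Anything not matched by a rule is assumed to be dropped (default deny).
RULES = [
    ("10.10.0.0/16", "10.50.0.10", 5432),    # LAN -> customer DB: fine
    ("0.0.0.0/0", "10.50.0.10", 5432),       # anyone -> customer DB: bad
    ("10.0.0.0/8", "10.50.0.11", 22),        # all of 10/8 -> payroll VM: too broad
    ("10.200.0.0/24", "10.50.0.11", 443),    # VPN -> payroll VM: fine
    ("0.0.0.0/0", "10.60.0.5", 443),         # public web server: not in scope
]


def is_trusted_source(cidr: str) -> bool:
    """True only if every address in cidr lies inside one trusted range."""
    src = ipaddress.ip_network(cidr, strict=False)
    return any(src.subnet_of(t) for t in TRUSTED_SOURCES if src.version == t.version)


def audit_rules(rules=RULES):
    """Return (rule, reason) findings for rules that let an untrusted
    source reach a sensitive host. Non-sensitive hosts are skipped."""
    sensitive = set(SENSITIVE_HOSTS.values())
    findings = []
    for src, dst, port in rules:
        if ipaddress.ip_address(dst) not in sensitive:
            continue
        if not is_trusted_source(src):
            findings.append(
                ((src, dst, port),
                 f"sensitive host {dst}:{port} reachable from untrusted source {src}")
            )
    return findings


if __name__ == "__main__":
    for rule, reason in audit_rules():
        print(f"{rule}: {reason}")
```

The check deliberately treats a source range as trusted only when it is wholly contained in a trusted range: a rule for 10.0.0.0/8 is flagged even though it overlaps the office LAN, because it also admits every other address in that block.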
Enforce and Verify the Use of Strict User Account Security
Compromised user accounts give attackers an easy path into your network that bypasses many key security layers. To prevent attackers from compromising legitimate user accounts, it’s vital that your business employs strict user account security measures.
Key measures include:
- Password creation guidelines
- Preventing the sharing of user account information
- Creating strong guidelines for verifying email links and attachments prior to clicking/downloading
- Establishing penalties for failure to follow account security standards
Each of the above measures can help prevent a user account from being compromised. Strong passwords make a password harder to guess or crack. Keeping user account details from being shared limits the risk of one employee using another's account illicitly. Establishing guidelines for verifying links and attachments in emails helps to thwart phishing attempts.
Always Remove User Account Privileges When Terminating a Business Relationship
An account can't be used to compromise your network if its access privileges have been revoked and the account has been deleted.
When terminating a business relationship with employees or with outside contractors/vendors, it’s vital to remove their user accounts and privileges as soon as possible. This removes the opportunity or temptation for an ex-employee to abuse their access to your business’ network.
Additionally, it's important to review the list of user accounts from time to time to ensure that there are no "dead" accounts that have gone unused for too long or have no corresponding employee on the payroll. Such accounts, including service accounts owned by someone who has left, are a potential security risk if an attacker gains access to them later.
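The account review described above, as an added example in Python that is not part of the original article: it cross-checks a directory export against an HR roster and flags accounts whose owner has left, accounts that have never been used, and accounts idle past a cut-off. The accounts, the roster, the review date and the 90-day threshold are constructed assumptions.

```python
"""Flag user accounts that should be disabled or removed.

Added example, not from the original article. The account export, the
HR roster, the review date and the idle threshold are constructed.
"""
from datetime import date, timedelta

REVIEW_DATE = date(2024, 6, 1)  # constructed "today" so the output is reproducible

# Constructed directory export: (username, owner identifier, last login or None).
ACCOUNTS = [
    ("alice", "E1001", date(2024, 5, 30)),
    ("bob", "E1002", date(2024, 1, 12)),         # still employed, but long idle
    ("carol", "E1003", None),                    # created but never used
    ("svc-backup", "E1004", date(2024, 5, 31)),  # service account owned by a leaver
    ("vendor-acme", "C2001", date(2024, 3, 2)),  # contractor whose contract ended
    ("dave", "E1005", date(2024, 4, 1)),
]

# Constructed HR roster: identifiers of people with an active relationship.
ACTIVE_PEOPLE = {"E1001", "E1002", "E1003", "E1005"}


def review_accounts(accounts, active_people, today, max_idle_days=90):
    """Return {username: reason} for each account that should be disabled.

    The owner check comes first so that an account in active use by a
    departed owner (a service account, for example) is still caught."""
    cutoff = today - timedelta(days=max_idle_days)
    flagged = {}
    for username, owner, last_login in accounts:
        if owner not in active_people:
            flagged[username] = f"owner {owner} not in active roster"
        elif last_login is None:
            flagged[username] = "never logged in"
        elif last_login < cutoff:
            flagged[username] = f"idle since {last_login.isoformat()}"
    return flagged


def flagged_accounts():
    """Run the review over the constructed data."""
    return review_accounts(ACCOUNTS, ACTIVE_PEOPLE, REVIEW_DATE)


if __name__ == "__main__":
    for user, reason in flagged_accounts().items():
        print(f"disable {user}: {reason}")
```

Feeding the real directory export and the real roster into review_accounts is the only change needed to run this for a live review; the threshold should match whatever the account policy already states.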
Run a Penetration Test
Security standards such as the Payment Card Industry Data Security Standard (PCI DSS) require regular penetration testing. These tests can often find previously unknown gaps in your security, giving you the chance to fix them before an attacker can exploit them.
Results from penetration testing may vary, and it’s vital that you find a reliable penetration testing partner that will run a comprehensive test. The goal of penetration testing is to identify and reinforce weaknesses in your security—not to get a rubber-stamped seal of approval.
Avoid Storing Unnecessary Sensitive Data
There is often a strong inclination to retain as much data as possible for future optimization. However, if a piece of data is highly sensitive, but unnecessary to your business’ operations, it’s probably best to not store that data in the first place.
In fact, there are some forms of data that you simply should not store on your systems under any circumstances. For payment cards this includes full magnetic stripe or chip data (track data), card verification codes (CAV2/CVC2/CVV2/CID) and PINs or PIN blocks used to authenticate transactions. Storing such sensitive authentication data makes it too easy for attackers to use stolen card information.
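As an added example (not from the original article), a pre-storage check in Python that drops the fields listed above, rejects any value that contains magnetic-stripe track data, and keeps the card number only in truncated form (first six and last four digits, the common PCI DSS truncation format). The field names, the sample record and the test card number are constructed; the track-data patterns follow the standard Track 1 and Track 2 layouts.

```python
"""Sanitize a payment record before it is written to storage.

Added example, not from the original article. Field names, the sample
record and the card number (a well-known test number) are constructed.
"""
import re

# Track 1 looks like %B<PAN>^<NAME>^<expiry>... and Track 2 like ;<PAN>=<expiry>...
TRACK_RE = re.compile(r"(%B\d{12,19}\^[^^]*\^|;\d{12,19}=)\d{4}")

# Assumed field names carrying sensitive authentication data; never stored.
FORBIDDEN_FIELDS = {
    "track1", "track2", "chip_data",
    "cvv", "cvv2", "cvc", "cvc2", "cav2", "cid",
    "pin", "pin_block",
}

# Constructed record as an application might receive it from a terminal.
SAMPLE_RECORD = {
    "order_id": "A-1001",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/25",
    "cvv2": "123",
    "notes": "swipe: ;4111111111111111=25121010000000000000?",
    "amount": "49.99",
}


def luhn_valid(pan: str) -> bool:
    """Luhn checksum; used only to recognise a PAN-shaped digit string."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(digits: str) -> str:
    """Keep the first six and last four digits, mask everything between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(record: dict):
    """Return (cleaned_record, problems).

    Forbidden fields are dropped, any value containing track data is
    dropped, and a full PAN is replaced by its truncated form. A caller
    should treat a non-empty problems list as a defect upstream: the
    data should not have reached this point in the first place."""
    cleaned, problems = {}, []
    for key, value in record.items():
        name = key.lower()
        if name in FORBIDDEN_FIELDS:
            problems.append(f"dropped forbidden field '{key}'")
            continue
        if isinstance(value, str) and TRACK_RE.search(value):
            problems.append(f"track data found in field '{key}'")
            continue
        if name == "pan" and isinstance(value, str):
            digits = re.sub(r"\D", "", value)
            if 12 <= len(digits) <= 19 and luhn_valid(digits):
                cleaned[key] = truncate_pan(digits)
                continue
        cleaned[key] = value
    return cleaned, problems


if __name__ == "__main__":
    stored, issues = sanitize_for_storage(SAMPLE_RECORD)
    print(stored)
    for issue in issues:
        print("problem:", issue)
```

The track-data scan runs over every string field, not just the obvious ones, because the usual way stripe data ends up in a database is through a free-text or debug field rather than a column named for it.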
These are just a few of the simpler measures that your business can take to mitigate data risks. There are many other measures you can take to protect data on your company's infrastructure, from adding encryption to using a secure cloud provider to manage key security processes for you.