In this day and age, data breaches can easily occur, especially at companies that rely on online clouds for data storage. Almost every company, from small to large-scale enterprises, can suffer a data breach. Having a secure data system should be a priority.
What are the biggest mistakes companies make with regard to data security? Here are some useful data security tips from industry experts that apply to companies doing business online.
Forgetting That Security Is Also a Business Goal
CEO of K logix, Kevin West, explains that when companies don’t align security with their business goals, this becomes a significant problem and may cause a data breach.
When making a decision, the security team should always think of the bigger picture. What is the overall impact of the decision on achieving business goals and revenue? Failure to recognize this may cause additional operational expenses and an ineffective data security program.
Focusing on Critical Servers and Ignoring Other Hosts
Security QA Engineer at Ciklum, Artem Metla, says ignoring other hosts and concentrating only on critical servers is another big mistake companies make with data security. These other hosts include testing facilities, end-user computers, and more.
Remember, the hosts in your network are all connected and managed by an administrator. Once a hacker penetrates any of these hosts, the administrator’s data is just as vulnerable. For example, on one user’s PC, a hacker can get the user’s credentials, which can open up some administrator permissions. Vulnerabilities can be found in any component, not just the critical servers.
Ignoring Where the Data Is Hosted
Co-Founder and CEO of HighQ, Ajay Patel, says the biggest mistake any company can make is neglecting where data is hosted. Data hosting, according to Patel, should be one of the biggest concerns of companies, especially in the law and finance industries.
Once your company ventures into the cloud, you need to be cautious about which cloud provider you entrust your data to. Remember that cloud providers based in the United States are subject to American laws.
It is best to check with your prospective cloud provider where they host their data. They should be able to offer you a range of choices and the laws of each area. They should tell you the best place to store your company’s precious data.
Using Apps for Check-out Process
Guido Laures, CEO of Spreadshirt, says the biggest mistake companies make with data security is neglecting to build their own security features and merely relying on apps when it comes to check-out processes.
Building security features like Content Security Policy should be a priority, instead of using apps. Companies should also include external scripts to protect their data. Another solution is to use https:// to avoid breaches in non-secure areas. This will help you gain confidence from your customers who want to have a fast and secure shopping experience.
Failure to Maintain an Information Security Plan
According to Casey Fleming, CEO of BLACKOPS Partners Corporation, one of the biggest mistakes is not having an information security plan and not classifying data as trade secrets.
Here are a few tips from Casey:
- Data security is not just an IT problem; it’s a business problem
- Having an Information Security Plan is crucial
- Understand the threats a data breach poses, not only to your data but to your employees
- The insider threat is as significant as an outside attacker
- Data security is a 3D ecosystem
- Companies should prefer a data-centric strategy to a perimeter protection strategy
- Do not simply rely on cyber products such as anti-virus software
- Classify your data as trade secrets
- Train your employees in data security
- Obtaining intelligence reports shapes and strengthens data security strategy
Non-Inspection of Encryption Made by Third-Party Vendors
CEO & Co-Founder of SafeLogic, Ray Potter, says the biggest mistake companies make with data security is a failure to vet the encryption used by vendors. The encryption needs to be tested and validated to a particular standard or benchmark; otherwise it’s equal to plain text. It’s risky if it has not been tested by a reputable laboratory.
Not Teaching Employees How to Make Better and Safer Decisions
CEO of Wombat Security Technologies, Joe Ferrara, says your employees are your greatest assets. Failure to inform your employees of data security safety measures can be critical. Apart from that, he also listed a few common mistakes:
- Taking sensitive data home on work computers
- Using the same password for all accounts
- Sending unencrypted emails
- Using unencrypted data on mobile phones
- Sharing passwords with other people
- The security team not sharing the data security policies with employees
Employees need to be instructed to protect their data even when they’re outside the office. Companies should hold Security Awareness Training sessions and recognize employees with the best behavior.