12 Tips For Your Data Security Plan

Did you know that 90% of the 5,500 small, medium and large companies surveyed in 2015 experienced at least one security incident? Having a data security plan in place is of utmost importance to every business.

With all the personal and corporate data provided by clients, customers, and employees, it is of crucial importance that businesses have security measures in place to protect this sensitive information.

We live in a daunting age of Internet criminals and pervasive security breaches. We have all heard about the data breaches that occurred at large scale companies like Target, Sony and JP Morgan Chase, but you may be wondering why any hacker would seek out a small business like yours. The truth is that every business is at risk because hackers do not discriminate. Often, they are not specifically targeting your business as much as they are looking for a cover for their cyber-crime operations.

Digital thieves are constantly looking for information to steal and they may use this personal and financial information to get into bank accounts, set up credit cards, or sell to a third party. However, being at risk for malicious hacking is only one aspect of why sensitive information needs diligent protection.

The Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy, released a “2015 Cost of Data Breach Study: United States” which shows that 49 percent of data breaches stemmed from malicious or criminal attacks, 19 percent involved employee negligence and 32 percent were caused by system glitches.

As a business owner or manager, it is vital you do all that you can to protect your company’s sensitive information, and this includes not only your network, but all computers and mobile devices as well.

To combat the threats of cyber-attacks, accidental human error, and potential natural or man-made disasters, a business needs to have a data security plan in place no matter how large or small your business is. Without this protection, businesses often see consequences that span from legal liabilities, business losses, and a damaged public opinion of the business as a whole.

A data security plan can mitigate such risks. If implemented and monitored routinely, your security program can also serve as evidence against any legal consequences, proving that your business diligently follows industry best practices toward protecting your data.

Here are 12 tips to implement in your data security plan for prevention and protection:

  1. Designate a Security Officer – New standards and regulations for several industries require this.
  2. Perform a Security Audit/Risk Assessment: Are passwords strong and changed often? How are physical documents secured? Are file cabinets locked that keep sensitive data? Are shredders utilized fully for sensitive paper documents? Are laptops and mobile devices protected and locked up when not in use? Is sensitive information available on such devices and if so is it encrypted? Are public Wi-Fi hot spots used when out on location or can the laptop be tethered to the smart phone to act as a modem for a more secure connection? Have third party vendors been evaluated for how they address data security?
  3. Establish a Privacy Policy (for further research on this topic, The Federal Trade Commission’s “Protecting Personal Information” Guide is an excellent resource for security and privacy information.)
  4. Create an Acceptable Use Policy for all users
  5. Define how often the risks are to be reassessed
  6. Outline how you will respond to security threats: An Incident Handling Guide
  7. Incorporate your virus protection software policy for all work stations, mobile devices and cloud components
  8. Detail your Business Continuity Plan for man-made or natural disasters
  9. Protect your passwords
  10. Educate employees to have security awareness and provide resources
  11. Hold employees accountable
  12. Consider hiring a qualified managed security service to make sure your business is safe and secure. This will allow your in house IT department to concentrate on the business.

Overall, having the right data security plan in place is crucial to keeping hackers away, but it is just as important to have a proper backup strategy for your business in the event that your data gets corrupted or lost. Business Information Solutions (BIS) can safeguard your business files and therefore, its future by providing the most reliable data backup services available with our Disaster Recovery Backup plans.

Above all, we want to be a resource for you! We make it our mission to bring these tools and strategies to the public. The more we can help businesses understand the steps needed to mitigate any types of data breach or loss, the better we all are as a community. We’re offering the community a complimentary luncheon at Wolf’s Bay Lodge in Foley, Alabama, on June 9th where we will be discussing the best practices needed to combat a cyber-attack. RSVP for our Executive Business Luncheon on Cybersecurity here. We’d love to see you!