Righting wrongs: preventing data breaches before they happen
- 18 June, 2015 16:03
Data breaches have hit the news recently for all the wrong reasons. A major grocery chain has recently suffered a major data leak, the latest in a long line of businesses that have been forced into damage control mode after widespread dissemination of information that should never have entered the public domain.
Indeed, last year one of the world’s major entertainment businesses was almost brought to its knees after rogue operators were able to access its emails through its network and then widely publish this information. This incident alone highlighted the need for businesses to safeguard internal information at all times.
These incidents shine a light on the requirement for businesses to have proper systems in place to protect sensitive commercial information. Enterprise organisations that do this substantially reduce the risk that confidential customer information will end up in the hands of those who should never have access to it.
Here are four steps every business should take to ensure their important information remains secure.
1.Enable sophisticated email functionality
Pressing ‘send’ before you’re ready to distribute an email or ‘reply all’ when you only wanted to send a response to one person is the stuff of nightmares. Unfortunately, similar incidents have happened to most of us, which is why it’s essential for businesses to put in place protections to reduce the chance these types of scenarios can cause damage to a company.
Happily, there are a number of protocols and processes that can be implemented so that when a staff member is accidently ‘trigger happy’ when sending an email, the damage is contained.
For instance, it’s a very good idea to provide functionality so that staff are equipped to recall or withdraw emails inadvertently sent out. It’s important to train staff to ensure they know how to use this functionality and can use it swiftly. Because when these types of data breaches happen, time is of the essence.
While it’s not possible to completely eradicate damage caused by sending an incorrect email, it can help to minimise the fallout.
2.Distribute Information on a need-to-know basis
Another important concept useful in managing the risk of a data breach is to only give users selective access to files in the system. It’s a fantastic feature when people from inside and outside the business need to work together on documents.
This functionality allows users to upload information and grant access only to a specific folder, without giving access to all information or compromising the entire network. This is a great way to facilitate easy online collaboration, without jeopardising online data security.
3.Restrict user access
A huge risk facing many businesses is unauthorised access to the system by outside parties, while a staff member is logged into an external Wi-Fi network. This is an increasingly common problem, as staff increasingly work remotely sometimes from jurisdictions where hackers are more commonplace.
An important solution to consider implementing is to restrict user access to business content by IP address. It’s a great way to ensure everyone who is working away from the office can still have all the information they need at their fingertips, without worrying that rogue parties will be able to infiltrate the system.
4.Your time is up
Another important protocol to have available for staff is the ability to place time-bound access on certain documents. This type of functionality is valuable when team members are working on documents, such as contracts, that have a time limit.
This reduces the risk that files that are out of date will be accessed, or that external parties will be able to access documents whose details are no longer relevant.
In an era where remote access is increasingly commonplace and at the same time cyber threats are growing, IT security should be a primary concern of every business,
There is a plethora of tools out there to ensure your business information remains secure. The important idea is to explore the range of options available and implement solutions to give your business the best chance of maintaining the integrity of sensitive business information.