Data security within the workplace is a growing concern for businesses. Fortunately, there is a lot of infrastructure and information broadly available. Security-wise, some will suggest having a physical building check at the end of the work day. Other security measures can be as simple as checking for vulnerabilities that could expose sensitive or protected information.
While these measures are all good – and you will want to take more security measures to avoid any potential fines or settlements – they're not exactly the cheapest. It costs money to hire security and upgrade security software for your business, among many other security needs. And if you're working on a tight budget, the whole idea of setting money aside for security can become ambiguous.
Fortunately, there are several cost-effective tips that you can try out. Below is a list of a handful, but by no means is that all that you can do. These tips work in a general sense, so if there are industry-specific standards, ensure that you are compliant with those above all else.
Shred Files Before Tossing Them
Even though businesses are likely to be attacked online, it doesn’t mean you should let physical data get an easy pass. Even if physical files are really old, it’s better for you to shred those files first before tossing them into the recycling bin.
People still have ways of breaking into buildings and accessing information. Furthermore, don't think that if it's in the trash it's gone. According to a Canadian study, a total of 2,600 items containing personally identifiable protected health information were pulled from recycling bins at five teaching hospitals over 18 months.
This tip doesn't apply only to personal records; customer quotes, invoices, and letters should be shredded as well.
Update Your Computers
As a general rule, updating is a smart thing to do and should be done without question. These updates often not only fix bugs or glitches or add functions, but also provide patches or new versions of operating systems.
Everything from browsers to small applications should be routinely updated whenever there is an update available.
And if you’re using exclusively cloud software, it doesn’t mean you get a free pass. You are still responsible for software updates. And on that note, be sure that mobile devices are protected and updated regularly too.
Selective Wi-Fi Privileges
Another glaring mistake that a lot of companies make is having only one Wi-Fi network. While it makes it easy for everyone to connect and do their work, it's bad news if a hacker breaks into the network somehow.
You can avoid that whole scenario by creating protected environments, and all that you need to do is change permissions. Through these changes in permissions, you're able to segregate authorizations through guest networks. These will limit how much access people have to applications and what they're able to do.
This limits the damage because if one network does get broken into, a hacker only has access to a certain amount of information and can’t compromise all applications.
Work With Contractors That Are Security-Minded
Any third-party contractors you are working with should have strong controls in place. A simple way to validate that is to see if an audit was performed against the American Institute of Certified Public Accountants' standards (or the equivalent for non-US residents). Specifically, you want to see that a Statement on Standards for Attestation Engagements 18 (SSAE 18) audit has been performed; this is a standardized process used by service providers to test and prove the safety status of their data centres.
Put A Strong Password Policy In Place
In 2017 the National Institute of Standards and Technology (NIST) put in place new stipulations regarding password management. These guidelines are merely suggestions; however, considering the frequency of attacks and the success of those attacks, it's smarter to treat them as guidelines to follow.
These stipulations essentially call for a list of passwords that are known to have been hacked and are frequently used. Compare that list with your own passwords and make changes if necessary.
On top of this, the NIST guidelines also drop routine password changes, as they hurt security rather than enhance it. You also don't need to worry about meeting character-combination rules as, per NIST, they provide little beyond a false sense of security.
A report from Shape Security found that credentials stolen by cybercriminals account for 80 to 90% of login attempts at ecommerce websites.
As a result, you'll want to exercise caution and ensure that business accounts and devices are safeguarded against unauthorized parties. Even if you have trust in an individual or a specific company, you still want to limit information to a need-to-use basis.
One scenario you see so often is allowing a client to use a laptop that belongs to your organization. And of course, login credentials should never be shared under any circumstance.
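The check described above can be automated at the point where a password is set. The following is an added example, not code from NIST or from this article's author: a screening function that rejects blocklisted passwords while deliberately applying no character-combination or expiry rules. The function names, the constructed blocklist and the 8-character minimum (taken from NIST SP 800-63B) are assumptions of this sketch.

```python
import unicodedata

# Constructed sample entries; in practice load a published breached-password
# list from a local file, one entry per line.
SAMPLE_BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein123"}

MIN_LENGTH = 8        # SP 800-63B minimum for user-chosen passwords
MIN_CONTEXT_LEN = 4   # assumption: ignore very short usernames/words


def normalize(text):
    """Fold case and Unicode look-alikes so 'Password' matches 'password'."""
    return unicodedata.normalize("NFKC", text).casefold()


def screen_password(candidate, username, context_words=(),
                    blocklist=SAMPLE_BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accepted.

    No uppercase/digit/symbol requirement and no age check are applied,
    matching the guidance described in the text.
    """
    reasons = []
    norm = normalize(candidate)

    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if norm in blocklist:
        reasons.append("known compromised or commonly used")
    if candidate and len(set(norm)) == 1:
        reasons.append("single repeated character")

    # Context-specific words: the username, company or service name.
    for word in (username, *context_words):
        w = normalize(word)
        if len(w) >= MIN_CONTEXT_LEN and w in norm:
            reasons.append(f"contains context word '{w}'")
    return reasons


if __name__ == "__main__":
    for pw in ("Password", "correct horse battery", "ExampleCorp2024!"):
        result = screen_password(pw, "alice", context_words=("ExampleCorp",))
        print(f"{pw!r}: {'accepted' if not result else result}")
```

Run the same function over existing accounts only at login or reset time, when the plaintext is briefly available; stored passwords should already be hashed and cannot be compared directly.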
Training Staff Members
Even small companies are getting hit by cybercrime attacks, making it very clear that these attacks don't discriminate.
While it'll help to update your systems often, training staff is another extra precaution to take. Overall, the staff of an organization should know best practices, what some key signs of cyber attacks look like, and your incident response plan.
Instead of hiring a course instructor for this, you can educate yourself on some of the basics and even create your own training exercise. For example, you can set up a mock phishing email and see how people respond.
To best learn from their actions, you can segment responses by the phishing message used and by department.
You can go a step further as well by telling staff you value cybersecurity and want it to be a core part of the business. Stress that you'll be talking about this regularly with staff and include it when onboarding staff.
While all of these measures are small, they oftentimes cover a large stretch of security problems. Security issues arise when companies and individuals forget or get too relaxed about the small cybersecurity habits. By keeping these tips in mind and using them, you'll have some affordable ways to improve security.
Mtek Digital Managed Business Service
Mtek Digital provides help with virtually any business technology requirement. From IT services to Web and Video Marketing, we’re capable of servicing the tech industry throughout Canada. Contact us today.