Did you know that there was an average of one data breach every single day in the U.S. last year? That more than 800 million records were exposed in data breaches last year? Or that the average cost of a data breach is now a staggering $3.5 million?
These are not statistics you want to be part of or costs you want to incur. So remember the following tips as part of your breach prevention program:
1. Think of data as though it were gold.
It is to hackers, it’s even gold to marketers, and maybe even to you. It’s a valuable and universally tradable commodity so treat it as such. The best way to lose something is to treat it like it doesn’t really matter.
2. Classify your data.
There’s so much data in circulation, what’s a busy hacker to do? Focus on the information that really matters, that’s what. And that’s what you need to focus on, too. In most businesses, sensitive customer and employee information, from credit card and Social Security numbers to email addresses, is far more important to a hacker than your product development plans or sales forecasts.
3. Control access.
Only grant access to people who need access, and in most cases that’s very few people. It’s not that you shouldn’t trust your employees, but people make mistakes. The more people who have access to your data, the more mistakes that can be made.
4. Control privileges.
It’s a close cousin of controlling access. It’s not just important that you control who has access to your data, but what they can do with it. Is it safe for them to just read it, or can they also be allowed to print it, copy it, save it to another device, email it outside the workplace and so on? Data security can be maximized when as few people as possible have access and privileges.
5. Use encryption.
Encryption is everywhere, and rightly so. It’s in your browser, your bank, your smartphone, and your email. It should be in more places. Encrypt all the data you can, and especially on desktops and laptops. And if you or employees have sensitive data on smartphones or tablets, there’s encryption for that too.
6. Watch data on the move.
Security experts say that data’s safest when it’s at rest. It’s easier to protect when it’s in the one place. But as soon as it’s on the move it’s vulnerable. That usually means on someone’s laptop, tablet, phone, or USB drive that goes missing or is stolen. Remember, it’s still a data breach when you lose track of information – even when there’s no evidence that it fell into the wrong hands.
7. Shred and dispose.
Did you know that nearly 20% of all data breaches every year are through paper records? We often think as data only being vulnerable when it’s on some type of device, but paper records are just as vulnerable. Pay attention to how you store your paper records, who has access to them, how they’re disposed of, and what records you keep to make sure you know they have really been disposed of.
8. Secure your website.
Your website is usually the first port of call for hackers in search of data. There are two reasons – your website is often the place you gather much of your data, from credit cards to email addresses; and your website is the easiest way for hackers to find you from far away.
9. Manage malware threats.
Most threats are automated. One set of tools scans the internet looking for vulnerable websites, networks, and computers, and another ships out malware designed to take advantage of any security vulnerabilities discovered. And most of that malware is designed to steal your data. Check out the OWASP Top 10 list of common cyberthreats to websites and web applications to learn more.
10. Stay PCI compliant.
If you take credit or debit cards, hackers want them. Which is one of the reasons merchants need to be PCI compliant. The other reason is that PCI sets out an easy-to-follow list of requirements that will help you keep your credit and debit card data safe.
A security breach is bad enough, especially if hackers use your website to distribute malware to your visitors. But a data breach that exposes sensitive information can be devastating to your business. Guard that data and all access to it, and keep your fingers crossed. If this seems like a lot to tackle on your own, SiteLock is here to help. Contact one of our website security specialists today to begin a free website security consultation.