Keeping your organization’s data secure and private should be a top priority. Why? Because data breaches are becoming increasingly common, destructive, sophisticated and expensive.
According to Inc. magazine, for U.S. companies in 2019, the average breach cost $73,000. Furthermore, 8 percent of respondents to a survey of senior executives the same year said their organization had experienced a breach within the last two years and 12 percent, within the last 5. The same article said half of the breaches were not conducted through the use of malware, but rather using existing systems and stolen credentials.
So how do you keep your organization from falling victim to a data breach and having its private information accessed?
Here are some tips:
Shred confidential records
When it comes to moves, spring cleanings, organizational downsizings and old records, it’s easy to throw away the items you don’t need. It would seem like once they are in the trash bin, they are out of sight and out of mind. The trouble is, they’re not. Not only can dumping records bearing personal or confidential information bring hefty fines, it can open your organization to identity theft, corporate espionage, data breaches and so on.
The best thing to do with any records holding identifying information — such as names, addresses, account numbers and other information best kept private — is to shred them. Better yet, hire a mobile shredding company to come to your location and shred those documents in front of your very eyes. That way, these records can truly be out of sight and out of mind.
Use passwords and use them responsibly
Admittedly, passwords are annoying. However, they are increasingly necessary to protect you, those you work with, your networks, connected devices and data.
Here are some tips to make your passwords easy to use, yet effective:
- Keep your password private. That means don’t leave it on a sticky note attached to your monitor, and don’t share passwords. Sharing your password takes down your first line of defense. All it takes is for the wrong person to get your password, and the sky is the limit for how much damage they can do.
- Use a minimum of fourteen characters — a combination of symbols, numbers and upper and lowercase letters, making the password more difficult to guess. You can change out letters with numbers and vice versa, such as substituting “s” with “5” or “$”, “e” with “3”, or “a” with “4” or “@” — but make sure it’s not 2Pr3d1ct@ble.
- Don’t use personal information. You don’t want your password easily guessed, so don’t use information such as your name, your username, your company’s name or such.
- Make each password unique. By only using unique passwords for each login, you effectively protect your other accounts should one become compromised.
- Use an easy-to-remember phrase for your password. For example, think of a hobby, a favorite activity, maybe a favorite vacation spot or a bucket list item or such. Once you have it in mind, transform it into a series of upper and lowercase letters, numbers and symbols. For example, “I want to hang glide” becomes “IW@nt2HangGl!de”. See? It’s strong, secure and relatively easy to remember.
- … Or use a password manager. There are many options out there like LastPass, 1Password or Bitwarden that will generate secure passwords, remember them and populate them for you, but for business, you need something with a bit more power and more usability.
We have just the thing: a password manager that not only, well, manages your passwords, but gives your team private vaults, secure shared folders, an administrative console, role-based permissions and more.
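The rules in the password list above can be checked mechanically. The following Python is an added example, not part of the original article or of any product it mentions; the function names, the extra substitutions for "1", "!" and "0", and the sample user and company are assumptions made for illustration.

```python
import string

# Substitutions named in the article (s->5/$, e->3, a->4/@); 1, ! and 0 are
# added here as assumptions because they are equally common.
LEET = str.maketrans({"5": "s", "$": "s", "3": "e", "4": "a", "@": "a",
                      "1": "i", "!": "i", "0": "o"})
MIN_LENGTH = 14  # minimum given in the article


def normalize(text):
    """Lowercase, undo look-alike substitutions, keep letters only."""
    undone = text.lower().translate(LEET)
    return "".join(ch for ch in undone if ch.isalpha())


def check_password(password, personal_terms=(), other_passwords=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {name}")
    plain = normalize(password)
    for term in personal_terms:
        needle = normalize(term)
        # Terms under 3 letters would match almost anything; skip them.
        if len(needle) >= 3 and needle in plain:
            problems.append(f"contains personal information: {term}")
    # Reuse includes the same phrase with different substitutions or casing.
    if any(old == password or (plain and normalize(old) == plain)
           for old in other_passwords):
        problems.append("reuses another account's password")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a made-up user and company.
    terms = ["jsmith", "Jane Smith", "Acme Supply"]
    for candidate in ["IW@nt2HangGl!de", "@cm3$upply2024!", "J4n3Sm1th#Rocks"]:
        print(candidate, "->", check_password(candidate, terms) or "ok")
```

Because the check undoes the letter swaps before comparing, a company or user name dressed up with "3" and "@" is still flagged, which is the "2Pr3d1ct@ble" case the list warns about.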
Use two-factor authentication
With two-factor authentication, should someone have hacking "skilz" and get your password, they still will not be able to get into your account.
Under such protection, when a login is attempted, the proper user will receive a notification on their mobile device requiring either a passcode or login acceptance. This way, if someone who doesn’t belong tries to access your workstation or account, you’ll be able to deny them access.
Regularly update your software
Just like passwords, software updates are annoying but necessary. Many updates carry patches or security fixes for known vulnerabilities and work to plug holes where bad guys can come in. We also recommend restarting your computer daily, as doing so allows your workstation to receive and install updates, making it less vulnerable to cyber threats.
Educate network users
It's been said that if you don’t know what the problem is, you can’t fix it. The same is true when it comes to your network and its users. Often the greatest vulnerability in a given network is its users, especially if they don’t know what a security threat looks like.
That is why it’s important to teach your users to recognize social engineering (otherwise known as phishing) when they see it. It’s likely every day they receive emails bearing malicious links enticing them to click them, only to download a nasty virus or ransomware package — potentially costing your organization thousands of dollars in damage and potential fines. Teaching your users to identify and avoid such threats can save you lots of pain and heartache.
If you don’t know where to start on education, read this and share: How to spot a phishing email.
Sadly, Wi-Fi networks and especially public ones can be hacked. If a user gets onto a compromised network, bad guys can capture any and all information exchanged on the network.
That is why there is such a thing as a VPN — a virtual private network.
With a VPN, you can connect to the internet via a public hotspot, but then immediately access your organization’s VPN, typically via a desktop icon. This launches an encryption program that directs your online activity under the protection of your organization’s connection, blocking bad actors from viewing and collecting your data or work.
If your organization does not have a VPN, we might know a certain managed IT services team (our own, actually) that can help you out.
Hopefully, these tips help you better protect your business and keep your private data private.
If you need help on implementing any or all of these strategies, give us a call. We provide office technology solutions to businesses of all sizes and we are here to help you.
If you would like any information on how to secure your network and data as described above, let us know. We’d be glad to help in any way we can.
About R.K. Black, Inc.
R.K. Black, Inc. is an Oklahoma City-based, family-owned leading provider of office technology solutions to small and medium-sized businesses in Oklahoma and Kansas. We specialize in everything business technology from copier, fax, printer and scanner technology to document management, onsite paper shredding services, VoIP phone systems and managed IT support to video surveillance solutions.