Controlling risk is an important aspect of any online business. The risk of going digital with some of your data is one that nearly every company has taken on, but how many of them have looked at the security essentials that will help them manage that risk?
As a primer on these security essentials, read on for 6 that can’t be missing from any digital data security plan.
6 Online Security essentials for your company
Create a security aware company culture
The days of all your security awareness being left with a small IT group in another part of the building are over. Just one bad move by any employee can put your entire organisation at risk. One password at one entry point is all a hacker needs, and any of your customers can give them that access if they’re not careful.
This is a top-down, day one tactic that must start with upper management. You can’t rely on ignored memos from your IT team. It should be part of a day one training program with ongoing lessons for new tools and advances. A refresher course that’s mandatory for all employees wouldn’t hurt either.
Secure the workforce and their devices
The endpoint security for every device is one of those security essentials that is best left to a dedicated team. Making sure that each device has the optimum settings for security reasons is not something left to your individual marketing team members – that’s a job for IT.
The second aspect of securing the workforce is securing the data streams. This is twofold:
- Securing which datasets employees are allowed to access. Just like you wouldn’t give everyone access to the physical employee records, you wouldn’t give everyone access to them digitally either.
- Controlling how data enters and leaves the workplace. This can be related to physical devices being used, as well as Internet connections. The first can be determined by having workstations as an office-only use tool. It can’t leave. The second can be related to using a VPN when connecting remotely to the company servers, or even when checking email from home. See our list of the best VPNs to get ideas on which is right for your company.
Both of these concepts will help lock down information so that only the right people can access it. You’ll be minimising risk by controlling data closely.
Build security tools into everything from the start, don’t add them after
Here’s a ridiculous scenario that plays out over and over again in the digital world, except I’ll add a sports analogy:
You enter a football game, with your favorite NFL team, knowing that you’re going to be tackled at some point. You set up at the line of scrimmage without any protective gear on hoping that this isn’t the time you’ll be tackled.
Set, set, Omaha, hike!
You find yourself on the ground and in terrible shape – you didn’t wear a helmet or even shoulder pads! You knew you could be hurt, but you hoped you wouldn’t. Now you’re injured badly – but you vow to wear your protective gear from now on.
This scenario plays out at companies over and over again. They know they need security essentials to protect them, but they hope it won’t happen to them. Then, after the hit, they get those tools which will begin to minimise their risk. If they had just used the right tools from the start they wouldn’t have been hurt in the first place – build security tools into your company from the ground up, not as an afterthought.
Know when to update software
It’s nice when you get comfortable in an old program. You know all the shortcuts, and can find every tool with ease. The problem is that older software can stop getting security patches. Worse, it’s hell on an IT administrator to keep a wide range of software and apps secure. It may even be impossible.
Work with your administrators to determine when it’s time for employees to be required to ditch old programs. They’ll complain about it, but it’s better than you complaining about a security breach down the line. Sweeten the deal by giving them time to train on the new software, and give them paid training if need be.
Control your cloud security
Cloud storage is fast becoming one of those security essentials that everyone is getting in on. The problem is that other types of people, the hacking type, are getting in on it too. Think of cloud storage as a stadium where anyone is allowed in. Do you want your data to go in like everyone else, sit in the same seats, and be put at the same risk?
For a more private option, consider encryption standards that are above the norm. A
Having controls on employee growth and departure
Here’s a security scenario for you to consider:
- Marcus is a temp worker. All he really does is make the copies and get the coffee.
- Marcus gets the right coffee for the right guy and is hired full time.
- Marcus combines his abilities to do his job well with getting the right coffee for the right person at the right time and is promoted.
- Marcus is hired away by another company when they see how well he does his job.
During this scenario, Marcus’ access level to data should have gone like this:
- Access levels low.
- Access levels rise to fit position.
- Access levels rise to fit position.
- Access levels completely cut off.
If every single hire of yours doesn’t fit this pattern exactly, you’re failing big time at one of the biggest threats you’re not worried about – insider threats. These happen all too often when an employee who once worked for you leaves the company but finds their access levels remain. It can also happen with temp workers who are looking to steal a bit of data and sell it or use it.
No one wants to think that the new person they’re hiring on is a threat, but in today’s digital age you have to be sure that the password they had to your system no longer works the moment they leave. You have to be sure that the access they are given as a temp is lower than an actual employee. Failing to do so will come back to haunt you one day.
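The access pattern in the Marcus scenario can be checked mechanically by comparing HR status against live accounts. The following is an added example, not part of the original article; the tier names, status labels and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed access tiers (hypothetical names), ordered lowest to highest.
TIER_RANK = {"none": 0, "low": 1, "standard": 2, "elevated": 3}

# Assumed policy mirroring the scenario: the highest tier each HR status may hold.
MAX_TIER = {"temp": "low", "full_time": "standard",
            "promoted": "elevated", "departed": "none"}

@dataclass
class Account:
    user: str
    tier: str
    enabled: bool

def audit_access(hr_status, accounts):
    """Return (user, finding) for every account that breaks the lifecycle policy."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account grants nothing, so nothing to flag
        status = hr_status.get(acct.user)
        if status is None:
            findings.append((acct.user, "enabled account with no HR record"))
        elif status == "departed":
            findings.append((acct.user, "departed but account still enabled"))
        elif TIER_RANK[acct.tier] > TIER_RANK[MAX_TIER[status]]:
            findings.append((acct.user,
                             f"{status} holds '{acct.tier}', "
                             f"policy allows at most '{MAX_TIER[status]}'"))
    return findings

# Constructed sample data: an HR export and an account directory export.
HR_STATUS = {"marcus": "departed", "dana": "temp",
             "lee": "full_time", "sam": "promoted"}
ACCOUNTS = [
    Account("marcus", "elevated", True),   # left the company, never cut off
    Account("dana", "standard", True),     # temp with full-employee access
    Account("lee", "standard", True),      # matches position
    Account("sam", "elevated", True),      # matches position
    Account("oldsvc", "low", True),        # nobody in HR owns this account
]

if __name__ == "__main__":
    for user, finding in audit_access(HR_STATUS, ACCOUNTS):
        print(f"{user}: {finding}")
```

Running a comparison like this on a schedule, and on every HR status change, catches access that outlives the position it was granted for.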
Feature image: Mikko Lemola / Shutterstock