Six signs your business is at risk of a data breach
Posted: Mon, 19 Oct 2015 13:20
Barely a week passes lately without another organisation suffering a data breach.
So far this year, high-profile examples include Sony, Apple, Ashley Madison, Carphone Warehouse, T-Mobile, Thomson Holidays, Experian… not to mention the US government, local councils, schools and the NHS, and who knows how many breaches that weren't high-profile enough for the news.
In short, no organisation's data is immune from falling into the wrong hands, whether as a result of malicious hackers or a hapless employee leaving a memory stick on a train.
Human error is the leading cause of the vast majority of data breaches. The good news? That means protecting your organisation is pleasantly simple to achieve.
If any of these warning signs sound familiar, then following our advice will help eliminate human error, prevent a data breach and all of the ramifications that come with it.
1. Employees have poor password skills
It's a misconception that hackers somehow circumvent login screens with a flurry of keypresses. In reality, hacking often means simply guessing or otherwise determining passwords, something employees make possible by using common, easy-to-remember passwords, relating passwords to personal details that are easy to discover online, or using the same password on multiple systems.
Correct this by making sure systems require passwords to contain a combination of letters, numbers and special characters (like £, $, & or @), requiring passwords to be changed regularly, and training employees to understand the importance of good passwords.
2. Employees aren't web-savvy
If your employees frequently fall foul of computer viruses or complain about the speed of their computer, only for you to discover countless installed plugins, it's a sign they aren't too web-savvy.
While this doesn't necessarily prevent them from performing their job, it's an indicator that they could get tricked by a malicious email or web page that grants a criminal access to your organisation's data - similar to the technique criminals used to steal £20m from UK banks recently.
Improving web savviness in employees by training them to spot suspicious emails and webpages closes another door hackers commonly use to target your data.
3. Documents and devices are left lying around
If your employees' desks are often cluttered and disorganised, then how sure can they - or you - be that the mess doesn't contain information that could allow a criminal to access your data?
And while digital devices may be password protected, once a hacker has physical possession of one it's only a matter of time before they gain access to the data it contains.
Rectify this by ensuring that staff don't write down sensitive information like passwords, that they destroy any documents that could be used to access your data, and keep all devices locked away when not in use.
4. Too many people have access to too much data
It's sad but true that data breaches are often a result of internal employees either acting maliciously or negligently.
If simply being an employee at your company gives an individual access to every single file on your server, think about the wider implications, especially in bigger businesses with hundreds of employees.
The solution? Ensure employees are only able to access the data they need in order to complete their jobs.
5. Your remote working is a free-for-all
An alarming number of companies leave employees to get themselves up and running when working out of the office. Not only does this negatively impact productivity, it also means that when employees encounter problems they end up finding workarounds.
If your employees end up emailing themselves copies of files, or saving local copies of databases to work on remotely because of a lack of adequate systems or education, then they are putting your organisation at risk of a data breach.
You can prevent this from happening by putting a clear remote working policy in place and educating employees in the best practices for accessing data remotely.
6. Your organisation holds valuable data
Financial crime is one of the top motivators for data breaches. If your organisation holds credit card or bank details to process payments, then you're sitting on a goldmine that criminals would love to get their hands on.
But it's not just financial data that's desirable for criminals. If your systems require customers to log in, then criminals who gain access to your data could use it to access other systems your customers are members of. Even general personal information is valuable, as it can help hackers access accounts via security questions.
Holding data is not much different from holding money - it has a value and criminals are constantly on the lookout for new ways to get their hands on it.
Prevent this by guarding your data as you would your money: ensure your employees are trained to avoid the most common pitfalls, and you'll avoid a data breach as well as its negative consequences, including fines, damage to reputation and lost revenue.
Our Compliance Essentials Suite contains several eLearning courses to help companies train staff on information governance.