Avoid security breaches: How to protect your data

Data breaches at major corporations seem to be perpetually in the news. The hacks range in size and scope, but it’s no secret that firms hit by hackers often suffer serious consequences.

What can you do to help prevent your organization from becoming tomorrow’s cyber-breach news headline? Here are 18 pointers:

  1. Educate all employees on the importance of protecting sensitive information. Explain the need to avoid risky behavior – such as downloading music or videos from rogue. Once employees understand that criminals want the data with which the employees work, their thinking changes in ways that can make the organization’s data much safer than before.
  2. Understand what data you have and classify it. You cannot secure information if you do not know that it exists, where it is stored, how it is used, how it is backed up, and how it is decommissioned. Make sure you know those things about all of your sensitive information.
    Because not all data is equally sensitive, make sure to classify data according to its level of importance.
  3. Do not give every employee access to every system and piece of data.
    Create policies governing who has physical and/or electronic access to which computer systems and data,
    and implement procedures, policies, and technical controls to enforce such a scheme. Authorize people
    to access the data that they need in order to do their jobs, but do not provide them with access
    to other sensitive data.
  4. Consider moving sensitive information and systems to a cloud provider.
    Unless you have an adequate information security team, the odds are pretty good
    that a major cloud provider will do a better job than you at securing your systems and information against various risks.
  5. Enable remote wipe.
    All portable electronic devices on which sensitive information will ever be
    stored should have remote wipe capabilities enabled.
  6. Give everyone his or her own access credentials.
    Ensure that each person accessing a system housing sensitive information
    has his or her own login credentials.
  7. Ensure that everyone uses proper passwords to access such systems.
    People like to use easy-to-remember passwords; without policies and technology
    to enforce the selection of proper passwords, organizations are at risk of having
    passwords such as “1234” being the only line of defense against unauthorized access
    to sensitive information. So, craft proper policies and implement technology to ensure that the policies are properly enforced.
  8. Go multi-factor.
    For accessing systems with especially sensitive information,
    consider implementing some form of strong, multi-factor authentication.
  9. Deal with BYOD.
    Make sure that you have policies and technology in place to address
    the many risks created by employees, contractors, and guests bringing
    personal devices into your facilities and connecting to corporate networks.
    All access to the Internet from personal devices or devices belonging to
    other businesses should be achieved via a separate network from the one used for
    company computers.
  10. Encrypt.
    Encrypt sensitive data when storing it or transmitting it.
    There are many commercial and free tools available to do this –
    some operating systems even have encryption capabilities built in.
    As you probably suspect, if you are not sure whether something
    should be encrypted, encrypt it.
  11. Backup. Backup. Backup.
    Back up often. Most people and businesses do not,
    and many (if not most) will not realize the danger of their
    mistake until it is too late.
  12. Keep your backups separate from production networks.
    If ransomware gets onto one of your production networks it
    could corrupt any backups attached to that network.
    Maintain offsite backups in addition to onsite backups.
  13. Create appropriate social media policies and enforce them with technology.
    As so many organizations have learned the hard way, policies alone do
    not ensure that employees do not leak sensitive information or make
    otherwise inappropriate social media posts; implement technology to help
    with this task. Remember, many serious breaches begin with criminals
    crafting spear-phishing emails based on overshared information on social media.
  14. Comply with all information security regulations and industry standards.
    Consider such regulations a baseline – but not rules that, if
    adhered to, will offer adequate protection. GDPR, for example,
    is a regulation going into effect in 2018 for which many businesses still need to prepare.
  15. Use appropriate security technology.
    Do not just buy the latest and greatest.
    Acquire and utilize what you actually need by defining functional
    and security requirements and selecting security controls accordingly.
    On that note: all computers and mobile devices that handle sensitive
    information, or that ever connect to a network to which devices housing
    sensitive information connect, need to have security software installed.
  16. Ensure that technology is kept up to date.
    Besides keeping security software up to date,
    make sure to install patches to server and client-side
    operating systems and software. Many major vendors have automatic update services – take advantage of these features.
  17. Keep IoT devices off of production networks.
    Treat Internet of Things devices as if they were a special class
    of risky BYOD devices – and keep them on their own networks.
    And only purchase IoT devices that have proper security capabilities,
    such as the ability to be patched and to
    have default passwords changed upon installation and activation.
  18. Hire an expert to help you.
    There is a reason that business people go to doctors when they
    are ill and don’t try to perform surgery on themselves,
    and utilize the services of lawyers if they are being sued
    or accused of a crime. You need experts on your side.
    Remember, the criminals who are targeting your data have experts
    working for them – make sure that you are also adequately prepared.
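The "do not give every employee access to every system" pointer is easiest to get right when access is denied by default and every exception is explicit and reviewable. The following is an added example, not code from the article or from Microsoft: a small default-deny authorization check with a per-role baseline, explicit per-person grants, audit logging of every decision, and a helper that lists grants beyond the role baseline for periodic access reviews. The data sets, classifications, roles and user names are constructed for the example; only the Python standard library is used.

```python
from dataclasses import dataclass, field
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s access: %(message)s")
log = logging.getLogger("access")


@dataclass(frozen=True)
class DataSet:
    name: str
    classification: str  # e.g. "internal", "confidential", "restricted"


@dataclass
class Employee:
    username: str
    role: str
    # Data sets granted to this person beyond the role baseline (assumption:
    # every such grant has a documented business reason and an expiry review).
    grants: set = field(default_factory=set)


# Constructed inventory: you cannot secure data you have not classified.
DATASETS = {
    "payroll": DataSet("payroll", "restricted"),
    "customer_list": DataSet("customer_list", "confidential"),
    "office_wiki": DataSet("office_wiki", "internal"),
}

# Constructed role baselines: only what each job actually needs to function.
ROLE_BASELINE = {
    "hr": {"payroll", "office_wiki"},
    "sales": {"customer_list", "office_wiki"},
    "intern": {"office_wiki"},
}


def can_access(emp: Employee, dataset_name: str) -> bool:
    """Default deny: allow only if the data set is in the role baseline or
    explicitly granted to this person. Every decision is logged so that
    denied attempts on sensitive data can be reviewed."""
    ds = DATASETS.get(dataset_name)
    if ds is None:
        log.warning("denied %s -> unknown data set %r", emp.username, dataset_name)
        return False
    baseline = ROLE_BASELINE.get(emp.role, set())  # unknown role => empty baseline
    allowed = dataset_name in baseline or dataset_name in emp.grants
    level = log.info if allowed else log.warning
    level("%s %s (%s) -> %s [%s]",
          "allowed" if allowed else "denied",
          emp.username, emp.role, ds.name, ds.classification)
    return allowed


def excess_grants(emp: Employee) -> set:
    """Grants that go beyond the role baseline: the list an access review
    should re-justify or revoke, since these are where privilege creeps."""
    return set(emp.grants) - ROLE_BASELINE.get(emp.role, set())


if __name__ == "__main__":
    alice = Employee("alice", "hr")
    bob = Employee("bob", "intern", grants={"customer_list"})
    for who, what in [(alice, "payroll"), (bob, "payroll"), (bob, "customer_list")]:
        can_access(who, what)
    print("bob's grants beyond the intern baseline:", excess_grants(bob))
```

The two properties worth copying into any real system are that an unknown role or unknown data set yields a denial rather than an error path that might be misread as "allowed", and that denials are logged with the data classification, so a burst of denied attempts against "restricted" data stands out in monitoring.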
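The "ensure that everyone uses proper passwords" pointer asks for technology that enforces the policy rather than trusting people to pick well. Below is an added example, not code from the article or from Microsoft, of such an enforcement check: it rejects candidates that are too short, appear on a blocklist of commonly breached passwords, are simple sequences like the "1234" the article mentions, repeat one or two characters, or contain the username. The minimum length and the blocklist contents are assumptions for the example; a real deployment would load a far larger breached-password list. Standard library only.

```python
# Constructed blocklist: a handful of entries found in nearly every breach corpus.
# Assumption: production would load a much larger list from a breached-password feed.
COMMON_PASSWORDS = {
    "1234", "12345", "123456", "12345678", "password", "qwerty",
    "letmein", "welcome", "admin", "iloveyou", "abc123",
}

MIN_LENGTH = 12  # assumption for the example; set per your own policy


def is_sequential(pw: str) -> bool:
    """True when every adjacent pair of characters differs by exactly one
    code point in the same direction ("1234", "abcd", "dcba"): patterns that
    guessing tools try almost immediately."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def password_problems(pw: str, username: str = "") -> list:
    """Return the policy rules a candidate password violates.
    An empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    if is_sequential(pw):
        problems.append("a simple keyboard/number sequence")
    if len(set(pw)) <= 2:
        problems.append("uses only one or two distinct characters")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    return problems


def is_acceptable(pw: str, username: str = "") -> bool:
    """Single yes/no answer for a sign-up or password-change form."""
    return not password_problems(pw, username)


if __name__ == "__main__":
    for candidate in ["1234", "password", "aaaaaaaaaaaaaa", "correct horse battery staple"]:
        verdict = password_problems(candidate)
        print(f"{candidate!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```

The check deliberately favours length and a breached-password blocklist over "one upper-case, one digit, one symbol" composition rules, which is the direction NIST SP 800-63B takes; composition rules push people toward predictable substitutions, whereas a blocklist stops exactly the passwords attackers try first. Pair it with multi-factor authentication on the systems that hold the most sensitive data, as the next pointer in the article advises.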

While there are no guarantees when it comes to information security – even the most security-conscious of organizations still face some level of risk – by following those 18 pieces of advice, you can greatly improve your organization’s odds of fending off hackers who seek to steal its confidential information.
Business Insights and Ideas does not constitute professional tax or financial advice. You should contact your own tax or financial professional to discuss your situation.