croom new

Eclipse Integrated Systems Blog

How to Avoid Becoming the Next Data Security Cautionary Tale

How to Avoid Becoming the Next Data Security Cautionary Tale

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The Equifax Problem
Sometime between May and July of 2017, the credit-reporting giant Equifax suffered a massive data breach that, as of this writing, exposed 148.1 million records containing the personally identifiable information of their customers. In other words, this breach exposed the data of almost half of the population of the United States of America.

In the aftermath of the Equifax data breach scandal, former CEO Richard Smith was cross-examined by Congress. Upon hearing Smith’s defense of “human and technology errors,” Chairman of the House energy and commerce committee Greg Walden quipped, “I don’t think that we can pass a law that fixes stupid.”

How to Fix Your Business’ Security
While Walden may be correct that stupid can’t be fixed by legislation, it may be able to be mitigated through the faithful enforcement of certain standards and practices. These standards should be enforced both on an organizational level, and on a case-by-case, personal basis.

First, let’s review what you should enforce in your organization:

  1. Compliance should be the baseline - Unfortunately, compliance with regulations often does not equal true data security. Instead of looking at compliance as being the ultimate goal for your business, consider it the first step to your business security strategy.
  2. Vulnerabilities need to be promptly remediated - It is astounding that so many exploits rely on known vulnerabilities… a full 99 percent of them. Furthermore, other attack vectors often utilize vulnerabilities that are a half a year old at least. Patching these vulnerabilities as soon as possible will help cut down on threats to your business’ data and infrastructure.
  3. Data security needs to be centralized, organized, and assigned - While security should be a shared responsibility throughout the company, there needs to also be someone taking lead and accepting responsibility for ensuring that data is properly distributed in a secure fashion. Part of this responsibility should be to implement access controls, ensuring that the data only can spread to whomever it needs to and no one else.

Encouraging Your Employees’ Security
Of course, your employees are largely in control of how secure your company remains. This could be a bad thing, unless they are also held to certain best practices that keep data, and the accounts that can access it, secure. There are a few basic rules you can enforce among your staff to help encourage them to act securely.

  1. Lazy credential habits - There are a variety of behaviors to adopt that can better protect the accounts and solutions that your employees have. First of all, the classic password problem: reusing the same password for every account. If one or more of your employees does this, each one is essentially creating a master key that someone could use to access everything in their life, including your data. Neglecting to set a passcode of some sort for a mobile device can cause the same issue. An effective way to remedy this kind of behavior is to utilize a password management system. That way, your employee can reduce the number of passwords they have to remember, without sacrificing security.
  2. Oversharing - While you can’t necessarily control what your employees do in their off-hours, you should reinforce how easily a cybercriminal could piece together their passwords through some examination of their social media, especially if they subscribe to the lazy credential habits we just reviewed. See if they’ll avoid sharing personal anecdotes or information without first restricting the audience that can see that particular post. At the very least, they should have their social media accounts set so that only their approved friends can see their content. Furthermore, do your best to avoid oversharing from the office. Images can easily show confidential information if you aren’t careful, by accidentally capturing an invoice or your customer relationship management solution pulled up on a screen in the picture. Review what you are about to post before taking the image and before you share it online.
  3. Using the wrong Wi-Fi - While public Wi-Fi connections may be convenient, you should remind your employees that this convenience comes at a price: the security of public Wi-Fi is suspect at best. They should be warned against doing anything especially important over a public Wi-Fi signal, like banking or checking their email.

Data security is a critically important consideration, in part because there are so many ways that it can be undermined. We have some solutions to offer that can help keep your business secure (despite what may sometimes seem to be your employees’ best efforts). Reach out to Eclipse Integrated Systems at 800-340-0505 today!

Tip of the Week: Working with Your Router for Bett...
How to Balance Your IT’s Value Against the Cost
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, February 24 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Privacy Business Computing Cloud Network Security Google Hackers User Tips Internet Productivity Malware Software Microsoft Business Management Innovation Efficiency Tech Term Hosted Solutions Backup Computer Business Windows 10 Browser Email Apps Cybersecurity Smartphones Mobile Devices Managed IT Services Hardware Productivity Saving Money Smartphone Internet of Things Communication Collaboration Windows Data Recovery Data Backup Passwords Small Business communications Android VoIP Virtualization Cybercrime Data Security Holiday Business Continuity Mobile Device IT Support Mobility Data Operating System Microsoft Office Law Enforcement Wireless Disaster Recovery Ransomware Workplace Tips Network Users IT Support Office 365 Miscellaneous Windows 10 Cloud Computing IT Services Outsourced IT Social Media Chrome Wi-Fi Mobile Device Management Telephone Systems Phishing Server Update BDR Quick Tips Password Money Gadgets Google Drive Cost Management Social Employer-Employee Relationship Facebook Government Application Health Information Technology App Upgrade Risk Management Vulnerability Best Practice Unsupported Software Save Money Managed IT Services Sports Two-factor Authentication Work/Life Balance Managed IT Networking Automation Office tips Current Events USB Personal Information Proactive IT Artificial Intelligence Antivirus Spam Alert Streaming Media Computers Managed Service Provider Bandwidth Blockchain Information Identity Theft Hacking User Error Shortcut Marketing Patch Management Politics Data Management Social Engineering Data Protection Telephony Humor Word History End of Support Battery Compliance Applications Maintenance Remote Computing Outlook Training Instant Messaging Private Cloud Touchscreen Meetings Audit Recovery Managing Stress Save Time Excel HaaS Company Culture Storage Going Green iPhone Apple BYOD Automobile Tech Support Devices SaaS Commerce Gmail eWaste Remote Monitoring and Management Computer Care Cortana Transportation WiFi Access Control Mobile Computing DDoS Medical IT Internet Exlporer Legal G Suite Search Mobile Security The Internet of Things Analytics Wireless Technology Hosted Solution Wireless Charging Google Docs Office Fraud Flexibility Television Managed Service Business Intelligence Data Storage Cleaning VPN Router Connectivity Samsung OneNote Encryption Administrator Credit Cards PDF Worker Commute Value Dark Web Scam Nanotechnology Edge Scalability Hybrid Cloud Consultant Teamwork Data Privacy Hiring/Firing iOS Books Unified Communications Help Desk E-Commerce Screen Mirroring Specifications Data Theft Virtual Assistant Windows 10s Evernote Experience Downloads File Sharing Language Access IT Management Text Messaging Error Employer Employee Relationship Root Cause Analysis Uninterrupted Power Supply Operating Sysytem Windows Ink Ciminal How To Managed IT Service Cast Sales Point of Sale Hard Drive Benefits Licensing Device Security Wearable Technology RAM Certification Payment Budget Computing Plug-In Solid State Drive Phone System Trends Troubleshooting Settings IT Solutions FAQ Internet Explorer Microsoft Office 365 Computer Accessories Augmented Reality Avoiding Downtime Google Maps Project Management Cables Electronic Medical Records Chromecast Retail Advertising Chromebook Reporting Smart Technology Computer Fan Travel Video Games Microsoft Teams Security Cameras Vulnerabilities App store Hacker Hard Disk Drive Sync Workers Music A.I. Profitability Files Safety Emails Charger Threat Data Loss IT budget Reputation Virus Voice over Internet Protocol Conferencing Printing WannaCry Laptop Tablets Spyware Running Cable Wearables Unified Threat Management Cryptocurrency SharePoint Virtual Reality Analysis Keyboard Updates Movies Eliminating Downtime Legislation Webinar Robot WIndows Server 2008 Entertainment PowerPoint Authentication Vendor Management Bluetooth Distributed Denial of Service Black Market Proactive HBO Gifts Google Assistant GDPR Touchpad NFL Bring Your Own Device Upgrades Education Identity Data storage Adobe Microsoft Word Big Data Wireless Internet Healthcare Trending Comparison Amazon IT solutions Lithium-ion battery Data Breach Authorization Microsoft Excel Identities Fax Server Websites Worker Printers Relocation Twitter Regulation Cache Remote Monitoring Emergency CrashOverride Disaster Paperless Office Monitors

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login