
Office1 Blog

The Three Top Pieces of Sensitive Data in Your Network (And What You Can Do to Protect Them!)

October 9, 2018 | by Gideon Ford

Although defending all aspects of your business from internet threats is important, the sensitive data you’ve acquired in your company should take priority. The data that your customers and employees entrust your company with should be safeguarded with the highest security protection.  

Sensitive data is any critical, safeguarded information your business has or has acquired. All private information referring to your organization, customers, employees, or third-party vendors is considered sensitive data and should be protected to the highest degree. If this data were to fall into the hands of online criminals, it could spell disaster for your organization and those associated with it.


Below is a list of the three most important pieces of sensitive data flowing through your network and tips on how to ensure they’re secure and protected.


1. Customer Information

Customer information is usually the first thing that comes to mind when considering sensitive data. This consists of first and last names, personal addresses, credit card information, social security numbers, email addresses, and more. Even large, established companies such as Macy’s, Adidas, and Delta Airlines have fallen victim to data breaches where valuable customer information was stolen, many of which were caused by flaws with the payment system.

According to research done by KPMG, 19% of consumers would completely stop shopping at a store after a data breach, while 33% would take an extended break from shopping there. A data breach involving customer information could result in shameful PR coverage, costly lawsuits, loss of trust, and serious damage to your business’s reputation.


2. Employee Information

Similar to customer information, employee information includes the names, addresses, banking information, and login information of the employees associated with your company. If this information were to be compromised, not only would your employees' information be up for grabs, but hackers could gain an uninvited inside look into the private workings of your company through employee accounts.

One of the most popular ways hackers get hold of employee information is through phishing schemes, where the hacker poses as a legitimate entity in an attempt to get data from their target. Once an account is breached, a criminal can send direct messages to the victim's contacts, or even reply to existing email chains to fool those contacts into believing the message comes from someone they’re familiar with. Phishing is rapidly becoming more advanced and trickier to spot, with 76% of businesses claiming they had fallen victim to phishing schemes in 2017. This doesn't pertain only to SMBs; internet giants like Google and Facebook were hoaxed out of $100 million through an email phishing scheme when a criminal posing as a computer-parts vendor gained access to valuable employee data.




3. Intellectual Property and Trade Secrets

Nearly every company has, or has access to, confidential intellectual property or trade secrets of some sort stored in their network, with a third party, or in some sort of document management system. This data could extend to product specifications, competitive research, or anything that would fall under a non-disclosure agreement with a vendor. Unfortunately, untrustworthy insiders or employees are the main source of these information leaks, having been enticed by competitors to give up company secrets.

A recent study by IS Decisions found that one-third of U.S. and U.K. office workers still had access to their former company's data and systems after leaving their jobs. In one case of IP theft, a company discovered that an employee had copied $40 million worth of trade secrets to a USB drive and was using the information in a side business she had created. In yet another, a large IT organization didn’t realize that it had been victimized until it happened to see a former employee at a trade show selling a product that was remarkably similar to the organization’s. Estimated financial impacts in IP theft cases averaged around $13.5 million (actual) and $109 million (potential) in 2017. Not only could these types of attacks cost your company thousands of dollars, but the potential profit to be made from the stolen property or idea may be in jeopardy as well.

Tips on How to Protect Your Sensitive Data

Too many companies have fallen victim to breaches where sensitive data was compromised. Fortunately, there are ways to prevent this from happening to you and your business.


1. Encrypt All Sensitive Data

Protect your data from prying eyes by translating it into a secret code only accessible to select company personnel. For example, most legitimate websites use “Secure Sockets Layer” (SSL; current implementations use its successor, Transport Layer Security, or TLS), which encrypts data when it is sent to and from a website. This keeps attackers from accessing the data while it is in transit. It is a good idea to use SSL when you store or send sensitive data online; even emails should be sent over an encrypted connection. Encryption helps protect privacy by turning personal information into coded messages intended only for the parties that need them.


2. Keep Security Software Up-to-date

Technology is constantly evolving. The software we used ten years ago is nothing like what we see today, and the same goes for malware. New malware used to hack into private data is continuously released and spread at an alarming rate. Making sure your security software is always up-to-date is key to defending against today’s latest threats and vulnerabilities. Not only do updates improve functionality and fix bugs in the software, but they also keep you safe from known security holes, with the newest patches in place to protect information that could be at risk. So next time that pesky “time to update” notice pops up on your computer screen, think twice before you hit “remind me later”!


3. Use Strong Passwords

Your company name is not a strong password. The word “Password” is definitely not a strong password. Even your birthdate, nickname, favorite movie, or the name of your city’s football team should never be used as a password. Hackers look for information they can find online to link you to a possible password, as well as common terms from pop culture and sports to break into online accounts because they know people are using those easy-to-remember words.

Creating a strong password is one of the easiest ways to protect your online accounts from hackers. Taking the time to educate your employees on how they can safeguard their own accounts is crucial in any business and pays off heavily in the long run. Long passwords with twelve characters or more, mixed with symbols and upper and lowercase letters, are best. Every account login should have a different strong password, and if remembering all of them becomes too much to handle, you can utilize a password manager to organize passwords and automatically log into accounts to save you from the hassle.
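The rules in this tip can be enforced at account creation. The Python sketch below is an added example, not code from Office1; it also undoes common character swaps, which goes slightly beyond the text, so that "P@ssw0rd" is still recognized as "password". The function names, the small common-word list, and the sample company and team names are constructed for illustration.

```python
import re

# Constructed, deliberately tiny list; a real deployment would load a large
# breached-password or common-word list instead.
COMMON = {"password", "letmein", "qwerty", "welcome"}

# Common character swaps: @->a, 4->a, 3->e, 0->o, 1->i, !->i, $->s, 5->s, 7->t
LEET = str.maketrans("@4301!$57", "aaeoiisst")


def normalize(text):
    """Lower-case and undo character swaps so 'P@ssw0rd' reads as 'password'."""
    return text.lower().translate(LEET)


def check_password(password, context_words=(), other_passwords=()):
    """Return the list of rule violations; an empty list means it passes.

    context_words: terms linked to the user that can be found online
                   (company name, nickname, birthdate, local team).
    other_passwords: the user's passwords for other accounts, as a password
                     manager's vault audit would hold them (assumption).
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no symbol")

    # Map normalized form -> original term so the message stays readable.
    terms = {word: word for word in COMMON}
    terms.update({normalize(w): w for w in context_words if len(w) >= 3})
    flat = normalize(password)
    for norm in sorted(terms):
        if norm in flat:
            problems.append(f"contains guessable term '{terms[norm]}'")

    if password in other_passwords:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    # Constructed samples: "Acme" and "Rovers" stand in for a company and a team.
    for candidate in ("Password", "Acm3R0vers!2024", "Teal-Kettle-Orbit-93"):
        print(candidate, "->", check_password(candidate, ["Acme", "Rovers"]) or "ok")
```

The second sample meets the length and character-mix rules and is still rejected, because it is built from terms an attacker can link to the user.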



About Gideon Ford

Gideon Ford is a Professional Services Help Desk Technician for Office1 working to solve all issues related to IT. Gideon has worked with IT for nearly a decade and is familiar with Information Systems Security, Networking, SMB and Mobile Technologies, and providing remote support for those users. He has also worked with and supported a Department of Defense Aviation Contractor providing Network and Security support. He has provided mobile device technical support for a wireless carrier and most recently was part of AppleCare’s Senior Technical Support team. Gideon received his Bachelor of Science in Information Systems Security in 2012 from Westwood College in Denver. In addition to his degree specialty, he has trained in the areas of A+, Network+, and Security+, to name a few.
