Although defending all aspects of your business from internet threats is important, the sensitive data you’ve acquired in your company should take priority. The data that your customers and employees entrust your company with should be safeguarded with the highest security protection.
Sensitive data is any critical, safeguarded information your business has or has acquired. All private information referring to your organization, customers, employees, or third-party vendors is considered sensitive data and should be protected to the highest degree. If this data were to fall into the hands of online criminals, it could spell disaster for your organization and those associated with it.
Below is a list of the three most important pieces of sensitive data flowing through your network and tips on how to ensure they’re secure and protected.
1. Customer Information
Customer information is usually the first thing that comes to mind when considering sensitive data. This consists of first and last names, personal addresses, credit card information, social security numbers, email addresses, and more. Even large, established companies such as Macy’s, Adidas, and Delta Airlines have fallen victim to data breaches where valuable customer information was stolen, many of which were caused by flaws with the payment system.
According to research done by KPMG, 19% of consumers would completely stop shopping at a store after a data breach, while 33% would take an extended break from shopping there. A data breach involving customer information could result in shameful PR coverage, costly lawsuits, loss of trust, and serious damage to your business’s reputation.
2. Employee Information
Similar to customer information, employee information includes the names, addresses, banking information, and login information of the employees associated with your company. If this information were to be compromised, not only would your employees’ information be up for grabs, but hackers could gain an uninvited inside look into the private workings of your company through employee accounts.
One of the most popular ways hackers can get ahold of employee information is through phishing schemes, where the hacker poses as a legitimate entity in an attempt to get data from their target. Once an account is breached, a criminal can send direct messages to the victim’s contacts, or even go as far as replying to existing email chains, fooling the target’s contacts into believing the message comes from someone they’re familiar with. Phishing is rapidly becoming more advanced and trickier to spot, with 76% of businesses claiming they had fallen victim to phishing schemes in 2017. This doesn’t pertain only to SMBs; internet giants like Google and Facebook were hoaxed out of $100 million through an email phishing scheme when a criminal posing as a computer-parts vendor gained access to valuable employee data.
3. Intellectual Property and Trade Secrets
Nearly every company has, or has access to, confidential intellectual property or trade secrets of some sort stored in their network, with a third party, or in some sort of document management system. This data could extend to product specifications, competitive research, or anything that would fall under a non-disclosure agreement with a vendor. Unfortunately, untrustworthy insiders or employees are the main source of these information leaks, having been enticed by competitors to give up company secrets.
A recent study by IS Decisions found that one-third of U.S. and U.K. office workers still had access to their former company's data and systems after leaving their jobs. In one case of IP theft, a company discovered that an employee had copied $40 million worth of trade secrets to a USB drive, and was using the information in a side business she had created. In yet another, a large IT organization didn’t realize that it had been victimized until it happened to see a former employee at a trade show selling a product that was remarkably similar to the organization’s. Estimated financial impacts in the theft of IP cases averaged around $13.5 million (actual) and $109 million (potential) in 2017. Not only could these types of attacks cost your company thousands of dollars, but the potential profit to be made from the stolen property or idea may be in jeopardy as well.
Tips on How to Protect Your Sensitive Data
Too many companies have fallen victim to breaches where sensitive data was compromised. Fortunately, there are ways to prevent this from happening to you and your business.
1. Encrypt all Sensitive Data
Protect your data from prying eyes by translating it into a secret code only accessible to select company personnel. For example, most legitimate websites use “Secure Sockets Layer” (SSL), which encrypts data when it is sent to and from a website. This keeps attackers from accessing the data while it is in transit. It is a good idea to use SSL when you store or send sensitive data online; even emails should be sent over an encrypted connection. Encryption helps protect privacy by turning personal information into coded messages intended only for the parties that need them.
2. Keep Security Software Up-to-date
Technology is constantly evolving. The software we used ten years ago is nothing like what we see today, and the same goes for malware. New malware used to hack into private data is continuously released and spread at an alarming rate. Making sure your security software is always up-to-date is key to defending against today’s latest threats and vulnerabilities. Not only do updates improve functionality and fix bugs in the software, but they also keep you safe from known security holes, with the newest patches in place to protect information that could be at risk. So next time that pesky “time to update” notice pops up on your computer screen, think twice before you hit “remind me later”!
3. Use Strong Passwords
Your company name is not a strong password. The word “Password” is definitely not a strong password. Even your birthdate, nickname, favorite movie, or the name of your city’s football team should never be used as a password. Hackers look for information they can find online to link you to a possible password, as well as common terms from pop culture and sports to break into online accounts because they know people are using those easy-to-remember words.
Creating a strong password is one of the easiest ways to protect your online accounts from hackers. Taking the time to educate your employees on how they can safeguard their own accounts is crucial in any business and pays off heavily in the long run. Long passwords with twelve characters or more, mixed with symbols and upper and lowercase letters, are best. Every account login should have a different strong password, and if remembering all of them becomes too much to handle, you can utilize a password manager to organize passwords and automatically log into accounts to save you from the hassle.
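The rules above can be turned into an automated check. The following Python sketch is an added example, not part of the original article: it flags passwords that break the length, character-mix, or guessable-term rules, and finds passwords shared between accounts. The function names and sample values are constructed for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # "twelve characters or more"

def _squash(text: str) -> str:
    """Lowercase and drop separators so 'Acme-Corp!' still matches 'Acme Corp'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def password_findings(password: str, personal_terms: list[str]) -> list[str]:
    """Return the rules a password breaks; an empty list means it passes.
    personal_terms: company name, birthdate, team name and similar guessable facts."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("needs both upper and lowercase letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("needs at least one symbol")
    squashed = _squash(password)
    for term in ["password"] + personal_terms:
        if _squash(term) and _squash(term) in squashed:
            findings.append(f"contains guessable term: {term}")
    return findings

def reused_passwords(accounts: dict[str, str]) -> list[list[str]]:
    """Group account names that share one password (in-memory comparison only)."""
    groups = defaultdict(list)
    for account, password in accounts.items():
        groups[password].append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

# Constructed sample data, for illustration only.
SAMPLE_TERMS = ["Acme Corp", "Springfield Tigers"]
SAMPLE_ACCOUNTS = {"email": "AcmeCorp!", "payroll": "AcmeCorp!",
                   "crm": "Tr4il-mix&Lantern!9"}

if __name__ == "__main__":
    for account, pw in SAMPLE_ACCOUNTS.items():
        print(account, password_findings(pw, SAMPLE_TERMS))
    print("reused:", reused_passwords(SAMPLE_ACCOUNTS))
```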