Preventing Information Security Errors

Information security breaches are an often-silent enemy that create havoc for your company. Most of the time they come unexpectedly, stealing your valuable time and attention, and leaving you open to lawsuits.

No one is immune from making information security errors, but reducing the risk and being prepared will help decrease downtime, damaged reputation, and financial loss. Here are a few causes and prevention tips for information security errors.

1. Lack of Employee Awareness

We all make mistakes, and often those mistakes are the result of being uninformed. Train employees to be vigilant of potential security attacks and know how to safeguard passwords. Despite the steady increase in cyber-attacks, including some recent high-profile cases, few companies are investing time or budget into building a strong digital safety culture among their employees.

Recommendations

• Immediately revoke system access from departing employees
• Keep software upgraded and patched, making cyber-attacks difficult
• Since email spam filtering isn’t failproof, teach employees to recognize, avoid, and flag suspicious emails
• Teach employees the importance and purpose of a strong password, what one looks like, and create a requirement for employees to regularly update their passwords
• Supply a company computer that is not authorized for personal use and can only be used offsite when and where security measures are sufficient, i.e. not on coffee shop WiFi, but at home and connected to your company’s virtual private network (VPN)

2. Lack of a Cyber-Security Policy

We all know the importance of cyber security, but most companies fail to do enough about it. Having a policy in place doesn’t guarantee 100% protection, but not having a policy almost guarantees a breach, sooner or later.

A cybersecurity policy lays out rules and responsibilities for protecting IT systems and company data, and it goes hand-in-hand with employee awareness.

McAfee defines cybersecurity procedures as “the rules for how employees, consultants, partners, board members, and other end-users access online applications and internet resources, send data over networks, and otherwise practice responsible security.”

Recommendations

• Create a formal document clearly stating your company’s security policies. Make sure it gives clear guidance to employees about their limitations with the company’s IT systems, networks, and devices. Include policies and procedures for social media use, internet access restrictions, passwords, remote access, digital signatures, the handling of sensitive data, wireless communications, email security measures, using third-party applications and networks, and identifying and reporting a cybersecurity threat or breach.
• Review and update the cybersecurity policy frequently.

3. Lack of Proper Hardware Disposal

Over time, your digital hardware will break down, become obsolete, and need replacing or upgrading. Hard drive reliability drops off substantially in the third year, so hardware updates are inevitable. In a throw-away culture, it seems natural to simply recycle data storage media, but they contain sensitive, confidential data about your company, its clients, and employees.

Recommendations

• Create a secure, redundant backup plan
• Engage a NAID AAA Certified information management company to have your digital media destroyed beyond recognition. This will make sure no information has left the building.

Time is a crucial element when an information security error occurs—or is about to occur. Dealing with it properly and immediately will lower the damage to company operation. Being proactive will also help reduce the possibility of errors.

CI Information Management is a NAID AAA Certified document destruction company and can help you safely destroy secure information. Give us a call at 509-586-6090 or complete the form on this page.