No one wants to deal with a major security breach. It’s expensive. Plus, it can dramatically alter your company’s public perception. Here’s how to prevent that from ever happening.
Thieves Can’t Steal Data You Don’t Have
Don’t collect data that you don’t need. Most companies these days are a little obsessed with “big data,” and so they’re collecting everything and shuffling it off to the IT department in the hopes that some kind of marketing initiative can be deduced from the mountain of numbers.
In reality, a lot of these number crunching activities are a colossal waste of time, especially for small and medium-sized businesses. Unless you’re a Walmart or Amazon, you don’t need big data, you need small data. You need data like gross revenue, net profit, and lead acquisition cost.
Another thing that many small businesses do, that they don’t need to do, is collect credit card and personal financial data. Why do you need this? There are numerous third-party solutions out there that handle this well already. By retaining credit card processing in-house, the only thing you do is increase your liability and exposure. Outsource it and be done with it.
Pretend You’re a Thief
Breaking through your own security or defenses might seem weird, but it’s one of the best ways to prove that your infrastructure is safe and sound. Outsource the penetration testing to a company that is capable of giving you a vulnerability assessment of your organisation – a company that knows how to breach security.
These “white hat” hackers are the honest bunch – working for you to prevent the bad guys from breaking through and compromising your customers’ private data. They don't come cheap, but they’re worth it.
Concentrate Your Data Risk
In a world of diversification, it pays to concentrate your risk, especially when it comes to data storage. The more datacenters you use, the more points of entry for thieves. Use an offsite location as a backup, and keep offline backups in-house.
That’s pretty much all you need. Make sure all systems have built-in redundancy and you should be fine.
Play Keep-Away With Your Employees
Don’t allow employees access to data they don’t need. Employees should be quarantined from “mission-critical” data, for example, unless they need it to do their jobs.
Most IT infrastructures can be set up to block off data so that employees can be grouped by security level. All employees within a security level have access to a given block of data on the servers. This is a simple way to prevent data leaks, be they accidental or malicious.
Purge All The Things
Periodically, you should be purging your data. When you don’t need information anymore, get rid of it. The best way to do this is to pick up dedicated applications that can securely “shred” information on your servers or hard drives.
You should also hold your vendors and partners to the same standard as you. And, while you can’t force internal changes in companies you don’t own and operate, you can choose who you do business with.
By Irene Little
Irene is a freelancer who consults with clients on data security issues. She likes to offer her suggestions and insights to an online audience and has written a number of posts previously on relevant websites.