14 Ways To Protect Your Key Data (Without Buying More Software)
Data security is one of the top priorities -- and biggest challenges -- for modern businesses. High-profile breaches and data leaks are happening constantly, and companies need to remain on alert to ensure their sensitive information doesn't fall into the wrong hands.
For smaller businesses on a budget, it might not be possible to invest in all the latest tools and services that larger enterprises use to protect their data. Fortunately, there are low-cost strategies and processes you can implement to boost your security internally. Here's what 14 members of Forbes Technology Council recommend doing to guard your company's most critical information.
- Keep It Simple
While some people point to training and education as the primary approach to more secure processes, the reality is that the simplification of processes does far more to ensure security than any education. Complexity is the enemy of security and availability. - Danny Allan, Veeam Software
- 2. Plan Ahead
By planning ahead and accounting for privacy settings from the beginning, companies will be better prepared to protect key information. Additionally, your company should establish data security requirements throughout your organization for the full business process. - Alexandro Pando, Xyrupt
- Encrypt Everything And Run Penetration Testing
Encrypt everything with industry-grade security configurations, but know that attempts to breach your data are more and more likely to occur as your company grows. The best way to stay ahead of this curve is to hire a third party to "white hack" by doing penetration testing and seeing where they can exploit your company. If they do it first, you'll prevent the black hackers from doing it later. - David Murray, Doctor.com
- Enable All Optional Security Features
With services such as Salesforce, Microsoft Azure and G-Suite, companies should pay specific attention to optional feature-sets. Multi-factor authentication, data encryption, and validation rules are all free features you can enable to help secure access and data storage. Today's cloud services make security very easy, but your deployment needs to be investigated to ensure you're making use of it. - Tom Roberto, Core Technology Solutions
- Focus On Employee Education
Employee education is a huge part of this puzzle that is often overlooked. All the money invested in data privacy technology can go up in smoke the moment one of your employees makes a wrong move with PHI or PII -- sharing it inadvertently or not using a privacy filter screen on an airplane. Require all employees to complete training annually and make data protection part of your culture. - Kevin McCarty, West Monroe Partners
- Use Open Source Solutions And Invest In Human Resources
To protect key information, companies can implement various open source solutions in their on-premise or in-cloud infrastructure. They are free of charge; however, a sufficient investment in human resources is needed so you can form a knowledgeable team that can build proper intrusion detection, intrusion prevention systems and adopt the best security practices. - Ivailo Nikolov, SiteGround
- Add A 'Canary In The Coal Mine'
Your existing firewall or IDS software already has the ability to create logs when certain strings are found in network packets. Create test accounts with unique names and details in your system, and then have your network team set up rules to alert you when that information passes through the firewall. This simple step can give you an immediate notification of any unusual data exfiltration or breach. - Jason Gill, Attracta
- Use Existing Resources To Their Full Extent
When you are on a budget and need to protect your organization's data and privacy, try to use existing resources to their full extent. Teach employees how to identify phishing emails, disable Microsoft Word's macro, double-check the browser's address bar before entering information, etc. You should also assign IT staff to review existing security software/hardware. - Song Li, NewSky Security Solutions
- Leverage Your Cloud
Building up security infrastructure isn't easy. By leveraging the cloud and enterprise solutions, you shift the burden of technical security to outside partners who have proven abilities to secure their partner's data. Additionally, having a proven vetting process for your vendors that is documented will mitigate claims of negligence. Lastly, don't hold what you don't use. - Kyle Pretsch, Lucky Brand Jeans
- Establish A Threat Response Plan And Team
Establish a thorough threat response plan and dedicated team. Routinely test them and ensure you’re also challenging existing cyber defences with penetration testing on at least an annual basis. You should also be doing inventory spot tests across your organization to ensure no personal data lies hidden or untracked. - Ryan Kearny, F5 Networks
- Start With Ethical Data Practices
Start with having full awareness of software already in use -- where data is and how it is protected. Follow with regular data security and privacy reviews and live scenario training. Adjust or rebuild architecture to support enhanced data compliance. Create a cyber security culture that sticks. All this intrinsically leads to more effective and ethical day-to-day activities for everyone. - Timo Rein, Pipedrive.com
- Only Store What You Need
Companies spend a lot of time seeking and storing a whole lot of information that is not required. It is very important to compartmentalize the data, storing the absolute minimum amount of data required to run the business. Convert account numbers into tokens at the first available opportunity. - Mahesh Vinayagam, qBotica
- Solidify Processes Around Data Access, Changes, Audits And Sharing
Analyze your data inventory and establish a tight process with data access. Scrub confidential information before you share data and enforce a tight change management process. In addition, you should audit key vulnerabilities with static and dynamic scans using open source code analyzer. Finally, you should review and secure your data centre access points and ensure that all data is encrypted. - Amit Mondal, PowerSchool
- Enforce Good Standards Across The Company
The best prevention without any external software is enforcing password policies through guidelines, how-tos, and best practices about password creation, cookie management and two-factor authentication. By enforcing these, you can prevent the "weakest link" so to speak from becoming an entry point that hackers can exploit to bring down your entire system. - Anand Sampat, Datmo
Source: All the above opinions are personal perspective on the basis of information provided by Forbes and contributor Forbes Technology Council.