It seems like we can’t go more than a week without reading breaking news that a major company has experienced a data breach.
From Equifax to Capital One, many customers of these companies have learned the hard way that they shouldn’t have trusted these brands to keep their data secure.
Data breaches like these are completely avoidable, but only if you don’t deny just how important cyber security is for your business and its customers. If you don’t want to be the next Capital One but are unsure how to go about enhancing your data security efforts, you’re not alone.
We asked these security professionals to break down the data security methods they employ to ensure they don’t experience a data breach. Keep reading to find out what they had to say!
How to strengthen your data security efforts
Before you can take the necessary steps to reinforce the data security efforts your company is taking, let’s define exactly what data security is.
What is data security?
Data security is the practice of protecting digital data from malicious forces and unauthorized users who could inflict a cyberattack or data breach.
No matter how big or small your company is, or the kind of information your customers provide you to do business, a data breach could be just around the corner. Don’t leave it to chance; start using these best-practice tips!
1. Consolidate your tools
“As a small business, we try to centralize our tools into as few products as possible. For instance, we chose our file share solution based on its ability to consolidate other services we need, such as group communication, shared calendars, project management, online editing, collaboration, and more. So, we chose NextCloud on a virtual private server. One SSL certificate covered everything it does for us. We use a static IP from our internet service provider and enforce secure connections only. The second reason why we went this route was that it encrypts the data it stores; hacking our NextCloud will only get you gibberish files you can't read. It saved us quite a bit of money implementing our own solution, and it has free apps for iOS and Android.”
2. Be wary of the cloud
“When it comes to data security, we regularly implore people to not store sensitive data in the cloud! After all, the ‘cloud’ is just another word for 'somebody else's computer'. So any time you put sensitive data up 'in the cloud', you are abdicating your responsibility to secure that data by relying on a third party to secure it.
Any time a piece of data is on a computer that is connected to the internet, or even to an intranet, that connection is a possible point of failure. The only way to be 100% certain of the security of a piece of data is for there to be only one copy, on one computer, which isn’t connected to any other computer.
Aside from that, the weakest link in any organization is often the users - the human factor. To help minimize that, we recommend that organizations disable the so-called 'friendly from' in email, which is when the email program displays the name, and even the contact picture, in an inbound email.”
3. Know the signs of a phishing scam
“Employee awareness and training: phishing email awareness and training initiatives can help to reduce the unauthorized access of valuable data. Ensure your workforce understands how to identify phishing emails - especially those with attachments or links to suspicious sites. Train employees not to open attachments from unknown sources and generally not to click on links in emails unless validated as trusted.
It’s also important to be aware of another form of a phishing email, spear phishing, that is far more concerning. Spear phishing is targeted to certain individuals or departments in an organization; those that likely have privileged access to critical systems and data. It could be the Finance and Accounting departments, System Administrators, or even the C-Suite or other Executives receiving bogus emails that appear to be legitimate. Due to the targeted nature, this form of customized phishing email can be very convincing and difficult to identify. Focusing training efforts towards these individuals is highly recommended.”
“There are many ways to protect your internet security, many of which require a trade-off: a high level of protection is rarely accompanied by good UX. A VPN is the most convenient way to secure your data while keeping the overall UX of web surfing at a high level.
Many websites collect personal information which, combined with data on your IP address, can be used to completely disclose your identity. So, knowing how to use a VPN is an absolute must for two reasons: first, your information will be encrypted; second, you will use your VPN provider's address, not your own. This will make it harder to reveal your identity, even if some of your data is compromised during data breaches. In this case, even if hackers manage to steal your credentials, they won't be able to log in and steal your money.”
“Data breaching is one of the worst nightmares for anyone, since your sensitive data has been accessed by an unauthorized person. For high security of your confidential data, you should be selective over who you allow access. Use AI software, which helps to notify you when unauthorized activities are performed on your system.”
“As evidenced by the recent Capital One and Equifax hacks, any company can get breached. Most of us work for smaller organizations, and we read every day about these massive breaches. I think we’re getting used to it as a society and it’s easy to shrug off.
To avoid being a company that experiences a data breach, start with buying in. Acknowledge your company requires non-IT executive attention to this security initiative. Understand that you are capable of hiring and retaining the right kind of security leadership if your plan is to do it internally. If your company has fewer than 1,000 employees, it’s probably a mistake to use 100% in-house security, and it would be better served by hiring a risk management company to assist with the long-term effort of your data security efforts.
Also, be sure your company has a disaster recovery plan that has been audited and implemented. While you’re at it, spend money on email security and social engineering training for your employees.”
“To protect data privacy, consumers and big enterprises alike must ensure that access to data is restricted, authenticated, and logged. The majority of data breaches are a result of poor password management, which has prompted the growing use of password managers for consumers and businesses. Password manager software allows users to keep their passwords secret and safe, in turn keeping their data secure. In addition, they allow businesses to selectively provide access to credentials, add additional layers of authentication, and audit access to accounts and data.”
- Matt Davey, Chief Operations Optimist at 1Password
8. Lock up your router
“Your home router is the primary entrance into your residence for cybercriminals. At a minimum, you should have a password that is unique and secure. To take it a few steps further, you can also enable two-factor authentication, or better yet, get a firewall for your smart home hub that acts as a shield to protect anything that’s connected to your WiFi through a wireless connection or your smart home hub or smart speaker.”
No matter the size of your business, it’s imperative that you learn from the mistakes of others and take the necessary steps to build up your data security efforts so that you don't experience a data breach and put your customers’ personal information at risk. Apply these data security best practices to your business sooner rather than later… if you wait too long it could be too late.
Mara Calvello is a Content Marketing Manager at G2 with a focus on Human Resources and SaaS Management. She graduated with a Bachelor of Arts from Elmhurst College. In addition to working at G2, Mara is a freelance writer for a handful of small- and medium-sized tech companies. In her spare time, Mara is either at the gym, exploring the great outdoors with her rescue dog Zeke, enjoying Italian food, or right in the middle of a Harry Potter binge.