When it comes to data security, all too often people prioritize the wrong things.
We all go to great lengths to protect our physical laptops, for example. We’re careful where we leave them, we make sure to hide them away when we’re traveling, and we come up with eccentric passwords to protect them.
Yet, when it comes to the things laptops are used for, data protection tends only to be a priority for the tech-savvy. Most people don’t have multi-factor authentication on their email, or will use the exact same password for hundreds of sites—and these same types of “digital habits” then become the standards by which small businesses, and even large corporations, handle client information. We’ve seen this happen at scale with the Yahoo data breaches in 2013 and 2014 (affecting over 3.5 billion users), the Marriott/Starwood breaches, Equifax, and now Capital One is saying 100 million customers have had their data compromised.
These data breaches happen all the time. And they never happen because someone left the front door open. It’s because someone forgot to close the side door or the back door.
So, what do we do? And especially if you’re running a company, how can you ensure your company’s most sensitive data doesn’t fall into the wrong hands?
First, it’s important to understand data security at a high level.
There are 5 main categories:
- System/Data Tampering: Access to your systems or your data by an unauthorized third party.
- Exploitation: Misusing resources that were left open and shouldn’t be available to people.
- Unauthorized access: Accessing sensitive information people shouldn’t have access to.
- Disruption: Disrupting the normal function(s) of business or business processes.
- Ransomware: Attacking and either encrypting data or encrypting systems so that the original operators no longer have access.
Basic data security, then, should cover the above at a minimum.
Second, determine what information is truly sensitive and what isn’t.
It’s imperative that company leaders, even middle managers, make sure that each and every employee is doing what must be done to protect the data they’re responsible for.
For example, here at Karbon, the first thing we do when a new employee starts is to make security education part of the onboarding process. We cover basic things like not writing passwords down, instead using the platform Okta to access protected passwords as needed. And then we also cover the obvious (and yet not-so-obvious) stuff like not using outside removable USB sticks, using safe internet habits, not looking at porn on your work machines, and all the other use cases that a surprising number of people forget (or worse, don’t deem important).
Netflix’s newest grand slam film, The Great Hack, has also been a wake-up call for people and companies, showing that your data can still be easily accessed from the world’s largest social media networks like Facebook. Making sure you and your employees are using multi-factor authentication in nearly all of your mainstream applications (email, Google, Office 365, etc.) has now become a requirement of responsible business practices.
Third, make sure your team has a handle on how to protect both personal and company information.
This is a cultural decision, more than anything else.
How often does your team talk about security and privacy? Where does it play a role in your business? Is it mentioned once a year? Does it get brought up at all?
There are still plenty of companies in the world that run Windows servers that act, more or less, as an open invitation to the outside world. They have virtually no security precautions, they aren’t operating with modern-day technologies, and customers are completely uninformed about the protection of their information. This is one of the many justifications for moving to the cloud, and having someone or some entity be responsible for making sure that company servers are locked down and inaccessible.
In fact, security is one of the most interesting industries in the world right now. It’s massive, it’s growing, and it has virtually unlimited potential at the moment. For proof, look no further than the recent IPO of CrowdStrike. This is a company looking to be the Salesforce of security, and they’re absolutely on that path. It speaks to the heightened need and global interest in data privacy and protection happening across every industry.
Now more than ever, security and privacy need to be embedded deeply into the culture of the organization.
Otherwise, a vulnerability or breach is inevitable.