With the crippling financial and legal ramifications of data loss, preventing cyber criminals from gaining access to your information is a top priority. As much discussion as there is about breaches, preventing data loss is equally as important.
There are many fundamental steps you must take to protect your data. The following categories are measures you should focus on to solidify your data security.
The Use of End-to-End Encryption
You should employ the use of encryption at every endpoint for your data, and everywhere in between. In-transit encryption scrambles data during a transfer to ensure that only senders and intended recipients can access your data. At-rest encryption solidifies your files while stored on any computer network. And full-disk encryption is a storage encryption measure that protects data on a given computer (or portable media) by encrypting its hard drive.
The Importance of Authentication and Passwords
Many users access your data through various connections. And a significant step you must take to safeguard your company’s data is to require two-factor authentication before granting access. Two-factor authentication requires both a password and an additional form of authentication, before access is granted to a user. These could be a One Time Passcode (OTP) sent to the user by email, by SMS or by an app like Google Authenticator. Another form of secondary authentication could be requiring the user’s connection to originate from a specific IP address.
SSH-key authentication, in lieu of password, makes user access to critical business data both more secure and easier to manage, regardless of how people are connecting to the server. And the most formidable file sharing solutions allow you to configure user authentication via either passwords or SSH keys.
Remember, all it takes to put your data in danger is one vulnerable user. And one of the easiest ways for cybercriminals to access your files is by breaking down weak passwords. It’s essential that to follow password best practices and enforce policies and protocol across your business.
Below are just a few of the best practices to implement.
- Choose passwords that comprise long strings of unrelated numbers, letters and special characters
- Forbid the use of passwords used on employees’ personal applications and devices
- Require your employees to change their passwords periodically, perhaps every 90 days
- Assign individualized sets of file permissions based on account status so that if an account’s password is compromised, the entire file server is not at risk.
- Never allow users to share the same login credentials.
And in case an employee forgets their encryption key or leaves the company, you must ensure that you have a process in place to immediately change or suspend their access.
Establishing Controls to Prevent Data Loss
Preventing data loss starts with strategic planning. In order to sufficiently protect your information, you must outline any procedural requirements or efforts as part of your data security policy. These should be procedures that your IT department can effectively implement company wide. And they need the the backing of your leadership team.
Controls you should consider putting in place include:
- Develop transparent data collection procedures
- Develop secure networks capable of protecting your data and systems
- Create and communicate procedures for reporting privacy breaches or data misuse
- Restrict and monitor access to sensitive data
- Implement current software, apps or other technological security measures
Encryption in the Cloud
In efforts to become more productive and efficient, many businesses have turned to the cloud to backup, store and share files. Afterall, a hard drive is limited in space. And sharing information from one physical drive to another is not the most efficient way to transfer files. The cloud isn’t always the safest place to manage sensitive data, however. Whether you’re using Google Drive or any other cloud storage service, proceed with caution.
Cloud computing introduces new security concerns. Your files may likely be encrypted during file upload to your provider’s servers. But your provider can decrypt them, and anyone with super-user access to your account could still view your files.
That being said, you can still protect sensitive information stored on the cloud by using client-side encryption. Client-side encryption makes it so those managing the cloud platform as super-users can’t view your files on the cloud storage system.
To access client-side-encrypted files, you’ll need to share your encryption keys with those you are sharing files with, which adds some complexity to the process. But it’s is a worthy cost in an effort to mitigate the risk of data loss. And you don’t have to encrypt every file. Encryption is ideal for sensitive files, so you can choose to encrypt only those you wish to most strongly protect. Just be sure to use a strong passcode when you set up your encryption.
The most widely used tools for client-side encryption are based on OpenPGP.
Proper Employee Training
Employees routinely breach IT policies and compromise company data. Senior managers often have difficulty setting and enforcing effective policies to protect against data leakage. According to Larry Ponemon, chairman of the Ponemon Institute:
"Data leakage and loss from negligent file sharing is now just as significant a risk as data theft. While most companies take steps to protect themselves from hacking and other malicious activities, these same organizations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox."
Your leadership and IT teams can completely understand the circumstances by which data is compromised. But if one user isn’t knowledgeable about how their actions affect data security, your information could always be put in jeopardy. It’s why user training is so critical to protecting against data loss.
Consider employing data loss prevention programs that supplement training by prompting users when they put your data at risk of fail to handle files based on your policies.
Balancing Efficiency and Data Loss Prevention
No matter your organization or line of work, you’ll always have to make decisions with both productivity and security in mind. It’s simply the nature of business.
Will employees need to work remotely? Will employees work faster using the cloud? Yes and yes. But you can enforce policies and find solutions that balance both efficiency and data loss prevention. Take measures to protect your files stored and transferred on the cloud. And encrypt your data to protect against data loss.
Every business is subjected to the risks of data threats, but there is plenty you can do to protect your information.