Data security is something every organization in Canada must contend with. Implementing layers of security and 24/7 threat detection can help provide protection, like keeping your door locked at all times so no one can just walk into your business. But when your staff (executives included) reuse passwords across a variety of different sites and apps, they’ve essentially left the keys to your most valuable information in the lock.
The Password Problem
Hackers have passwords, and they know that people reuse them on multiple sites. Hackers also use social engineering to learn which executives in your organization have financial roles. They can take the password they stole from a shopper’s club loyalty card account database, for instance, and try it on your network. And this method often works. Hackers also know that the more complex passwords become, the more likely people are to come up with two or three variations of one that works (i.e., it meets all the criteria for one capital letter, one number, one symbol) and reuse it everywhere – from their grocery store loyalty card accounts to your network.
But it’s more than just the repeated use of the same passwords across different apps and sites that poses a risk to your business; it’s the fact that many people don’t change their passwords even after being notified of a breach. How many of your employees are still using the same passwords (or variations) following the Yahoo data breach? The LinkedIn breach? The Capital One breach?
It Takes More than Passwords to Keep Your Data Safe
Yes, you still need to have strict password policies. But in addition to that, you must:
- Provide ongoing, in-depth training to your staff about threats, including common email threats
- Establish and follow a strict patching regimen so that you prevent potential access to your data through a back door
- Implement as many barriers as possible against a data breach, including layers of security (firewalls, malware detection, network security)
- Monitor your systems 24/7 for threats
- Delete access immediately – including remote access – for any employee who leaves the company
- Require multi-factor authentication to access any secure area of your network
- Have the capability of logging and monitoring who is doing what inside your network
Protecting data is one of the most complex issues facing organizations today. It’s not just about PIPEDA compliance, although that is a significant factor; it’s also about protecting proprietary data, customer information, trade secrets, and financial information. Complicating all of this are the hackers who continue to develop more insidious ways to penetrate your defenses, gain access to your data, and either sell it or use it for financial gain. Employing best practices does make a difference.
Data breaches are not going away, but you can minimize the risk to your organization with strong IT security and a comprehensive disaster recovery plan. You can’t just address one of these issues; you must have a comprehensive, proactive data security program that addresses all of these risks and more.
The ITeam understands the IT security issues facing businesses in Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.