Centralize Responsibility for Digital Data Security
Appoint one person to be responsible for identifying and correcting weak points in the organization’s computer security system. This may be the responsibility of the company’s chief information officer, IT manager, or risk manager. The crucial point is that a single individual should be accountable for discovering and fixing any cyber and privacy-related vulnerabilities.
Manage Data (both print and digital)
- Only collect sensitive data that is required for business purposes.
- Do not keep data any longer than necessary.
- Limit access to sensitive information.
Know what data is kept and where
Understanding what type of data is being stored and where it is being stored will provide insight as to where security measures should be employed. For instance, if sensitive information is stored on laptops or mobile phones, then technology providing the ability to wipe devices clean if lost or stolen might be employed to mitigate loss.
Physically Secure Servers
Servers should be physically secure and protected with access limitations, locks, and fire protection systems.
Segregate Access to Data on a Need to Access Basis
Use firewalls and credential programs to ensure that data is available only to those who need it to perform their business function. This is especially true for vendors that are given access to your computer systems – avoid the situation experienced by Target, when a hacker gained entry into Target’s POS data systems through their HVAC vendor! Apply the same controls to internal personnel: firewalls, passwords and employee identification numbers.
Invest in encryption software and establish e-mail guidelines that reduce the chance that sensitive data is intercepted.
- antitheft technologies
- data backup
- encryption software
- content wiping technology
Termination procedures should include immediately removing the departing employee’s access to all computer systems. Changing passwords following the departure of an employee who had access to company systems can reduce the likelihood that a disgruntled employee will impair electronic communications within an organization – this is a large source of cyber claims.
Create corporate social media policies, train employees on them, and enforce them for all employees, including executives.
Train employees to delete emails from unknown sources and to verify that attachments are legitimate before opening them.
While you cannot eliminate all threats, employing as many security measures as possible will greatly reduce the chance of a data breach.