When thinking about data security breaches, people often envision highly skilled hackers employing sophisticated techniques to obtain access to protected data. Consequently, many small businesses and organizations assume that they lack the knowledge or resources to implement effective data security measures. In many instances, however, data breaches are caused by simple means. Common causes of data security breaches include:
- The theft or loss of physical documents, records and files by wrongdoers who may or not be “insiders”;
- The theft or loss of mobile computing, communications or storage devices (e.g. laptops, tablet computers, smart phones, usb thumb drives, portable hard drives)
- The inadvertent installation of malware/spyware by employees;
- The inadvertent disclosure of sensitive information by employees;
- Failure to update software to correct known security issues; and
- The use of ineffective passwords.
The good news is that many of these simple causes of data security breaches can be prevented or mitigated by equally simple measures. Below is a list of straightforward measures that businesses and organizations of any size can implement to prevent or mitigate the risk of a data security breach.
Do:
- Shred sensitive documents, records and files before disposing of them;
- Secure workstations (computers, physical documents, records and files, and portable devices) before leaving them unattended;
- Install anti-virus protection;
- Update your programs and software regularly (frequently updating your software keeps you up-to-date on recent security fixes);
- Ensure that all the data on your devices and computers is encrypted (most operating systems include the option to encrypt your data).
- Require that all mobile computing and communications devices are password protected;
- Change any initial or temporary password as soon as possible (these are generally less secure); and
- Change your login credentials frequently.
Do Not:
- Do not leave physical documents, records and files visible and unsecured at home or in a car;
- Don’t leave sensitive information lying around unprotected, including on printers, fax machines, copiers, or in storage;
- Do not use simple passwords that are easy to guess (e.g. birthdays, anniversaries, children’s names, pet names, etc.);
- Do not share passwords or credentials;
- Do not use the same password or credentials for every account or device;
- Do not click on any links within an email from unknown sources; and
- Do not install suspicious software on your computers.
Many, if not all of these measures can be implemented without the assistance of an IT professional. An effective data security plan starts with the simple things.
If you would like to talk with someone in more detail about what steps your organization should consider taking to prevent a data security breach, please contact David McConnell or Joe Talbot directly at 1-866-774-2635 or dmcconnell@perkinsthompson.com or jtalbot@perkinsthompson.com.