[BreachExchange] 5 Best Workplace Practices To Prevent Data Breach

Destry Winant destry at riskbasedsecurity.com
Tue Feb 12 08:54:22 EST 2019


https://gbhackers.com/5-best-workplace-practices-to-prevent-data-breach/

Perhaps the greatest challenge for every enterprise in this
internet-connected world is data protection. We’ve seen the devastating
direct financial loss a data breach brings to any business that has to
deal with one; the Bank of Bangladesh, Yahoo! Mail, and the
not-so-recent JP Morgan Chase data breach are just a few of the
multi-million dollar cyber blunders we can cite as examples over the
last few years.

Consequently, many countries are optimizing their data security laws
affecting every entity, even those who outsource their business
processes to accounting firms, legal firms, and PEOs.

In fact, the European Union was one of the first to implement greater
data security measures for its citizens, known as the GDPR (General
Data Protection Regulation).

Despite applying many countermeasures in information security, it’s no
secret that a number of major security threats come from the people
within the organization, mostly through careful social engineering
employed by Machiavellian cyber hackers.

eBay learned this lesson the hard way in May of 2014 when hackers got
into the company network using the credentials of its corporate
employees. A thorough investigation found that they had inside access
for over half a year! This, of course, compromised the data of their
users, all 145 million of them (could be more).

This is why it is important for everyone in the organization to be
aware of the best workplace practices and to implement them strongly.
This article will walk you through the pillars of workplace data
security practices to get started.

Confidentiality and non-disclosure agreements.

For every agreement or policy to be realized it has to be reduced to
writing. In addition, you must ensure that all the professionals or
administrators who have access to sensitive information sign all
the confidentiality agreements. This means that all employees,
partners, and vendors must sign confidentiality and non-disclosure
agreements before they begin a project.

Unique ID and login system.

It’s standard that companies must have password-protected systems to
prevent unauthorized access to confidential information. Moreover,
each employee is expected to have their own unique ID and password to
use for logging in.

In relation to this, access management protocols must be applied to
limit access to confidential and personal information based on the
employee’s role and function; giving them access only up to the extent
necessary for them to carry out their responsibilities successfully.

No bringing of devices inside the workplace.

Employees must not be allowed to bring any electronic devices to
their workstations. In the same way, no one is allowed to bring in
or take out paper, pen, printouts, and other written documents unless
otherwise given permission, but should still be within the limits of
training purposes.

Moreover, random checks must be done regularly by any third party or
your own security personnel to ensure confidentiality policies are
religiously observed.

Data security, privacy, and confidentiality training.

Aside from establishing a comprehensive information and security
program, providing regular cybersecurity training and awareness
updates will help your team fill in the gap between what’s written on
paper and how data breaches happen in real life.

Over the years, a huge percentage of data breaches were caused by
malware and phishing software getting inside the network when someone
clicked on a link or opened an attachment sent through
innocent-looking emails. These data breaches could have easily been
prevented if only the employees had data security training.

In addition, untrained employees are often prey to the social
engineering cybercriminals use to get access to company networks.

The leadership team and all the executives should also go through an
in-depth formal data security training. This will ensure that everyone
in the organization, including the management, understands the value
of data security.

Regular auditing of record management systems.

Payroll and PEO firms like https://www.bradfordjacobs.com/ hold a lot
of client and customer data because of the nature of their business.
And that’s why PEOs should have a sound record management system where
the keeping, discarding or transferring of confidential information
will never be used against them in case litigation occurs or a
complaint happens.

Your HR and IT Departments should work together to create a
synchronized record management system where all client information
will be stored.

Aside from that, identify where all business records may be stored.
Text messages, instant messages, emails, and other communication
channels are all possible sources of inside information.

Finally, do a regular self-audit of your records management system.

Conclusion

Though trusting your employees to be able to do their job with
integrity is part of the social contract, it’s still a must for your
company to make conscious efforts to protect your client/customer’s
data from anyone within the organization who has access to it.
Applying these workplace practices will help your company prevent a
data breach and protect confidential information.

