The vast majority of the time, hackers are not clever people overcoming seemingly insurmountable odds to steal data. They’re using the same old tricks, over and over again, and catching a few people slipping. Most data losses occur due to common errors which hackers know to look for and exploit.
We all know how badly a little data breach can impact your reputation. But a reported average loss of $3.79 million per breach makes it plainly obvious how it can impact your bottom line too. Let’s look at the common errors that you, your co-workers, and those you manage must be aware of in order to better protect your data.
Common data loss errors
The easiest of all: Device theft
A stolen, or just lost, device is the absolute worst case scenario. Laptops, smartphones, and tablets are now prevalent in a company’s device plan, and they are much easier to lose than the old desktops we used for so many years.
The steps to take here are:
- Make sure everyone uses a lock screen or sign in.
- Most systems feature some sort of device encryption; make sure that the most sensitive pieces of data are encrypted.
- Use tracking tools, such as Find my iPhone, to locate, lock, and erase devices remotely.
People are the weakest link in any security plan. Losing devices is something that will happen, and you need to be prepared for it.
You send your employee off to work remotely, on an unknown network, and they wind up giving away company passwords and data. It’s all too common, as people don’t realize the threats which reside on these networks. Fake wireless access points (WAPs) are a major concern, and can steal data from you as easily as you’re reading this article now.
Steps to take include:
- Never click on ‘Remember Password’ while using a public computer.
- Create strong passwords, as weak ones are easily stolen. Password managers can help with this. You can avoid the ‘sticky note on the side of the monitor’ stolen credential problem here.
- Use encryption, such as a VPN, on unsecured networks. This includes coffee shops, conferences, and hotel rooms.
Lastly, be sure that any employee remotely accessing a password-protected file on the company server has some assurance that they’re not giving this away. A one-time password for this file, and encryption, are key.
Errors in document processing and handling
These are the kinds of errors which make for great sitcom moments, but for terrible real-life occurrences. These errors can include:
- Accidentally forwarding emails to the wrong people.
- Publishing private data on a public server.
- Improperly deleting old documents.
I’m pretty sure that all three of these have happened on an episode of Brooklyn Nine-Nine. Publishing private data on a public server can be as simple as the time Sgt. Jeffords took a selfie inside the police precinct, with private case file info in the background, and tweeted it out over Twitter.
Clicking on Spyware
Employees clicking on pop-up windows that they shouldn’t, usually naively, can result in the installation of malicious spyware. This is a type of malware which downloads itself onto your computer without you knowing, and then steals your passwords and records your interactions and keystrokes.
You need to have a regular virus scanner on all machines; there’s simply no other alternative. Some of the best will also have a firewall which can prevent spyware from downloading in the first place.
Leaving applications vulnerable
We all get comfortable with certain systems. I personally used OS X Mountain Lion for much longer than I really should have. While it can be comfortable to know an app or OS, it can also be ‘comfortable’ for hackers who have had time to crack these systems, especially when they’re so old that they are no longer updated by the manufacturer.
Take steps to end this by:
- Keeping all applications and OSs regularly updated. Most updates are exclusively security updates.
- Regularly deleting old applications which you no longer use.
- Regularly monitoring which apps are on company-owned devices.
Failing in any of these three steps will make sure that hackers have a way in. Once they have that weak spot they can steal any number of valuable pieces of data without you ever being the wiser.
Lessen security breaches
As you’ve probably gathered from above, each one of these errors happens due to people not doing something they should do:
- They let devices get stolen.
- They let credentials get stolen.
- They mishandle documents.
- They click on spyware.
- They don’t update their apps or OS.
You have to take responsibility for helping make sure that your devices don’t fall victim to these negligent practices. You have to check up on your employees, make sure they know what to do, and implement failsafes to be sure that nothing slips through the cracks.
Yes, it will take time and money. With data breaches costing $3.79 million on average, can you afford not to take these steps?
Marcus is an online security and privacy advocate with a weekly blog post on Best VPN Provider.co. You can find him there every Wednesday with the latest news on privacy, VPNs, and general security. You can also follow @BestVPNs on Twitter for the best in online security Twittering!