If you’re a small business owner, data security may not be an area you’re too familiar with. Unfortunately, nearly 43% of small businesses become targets for hackers every year – costing companies over $200,000 in breaches. While data security may not be your area of expertise, it doesn’t have to be daunting to take on. When you’ve put years of effort into creating a business and earning client trust – it’s worth your time to invest in the prevention of an online breach with better security practices.
We abide by simple practices that help keep our customers, our employees, and our software safe. In fact, when we founded CloudAdvisors more than 6 years ago, our twin pillars of Data Security and Data Integrity guided our decisions. Today, those principles are at the heart of our security practices, and we’re going to highlight some of the steps we take to protect Canada’s Employee Benefits Marketplace.
Our Top 5 Data Security Practices
1. Invest in your people
Oftentimes, when a breach occurs, hackers will misuse an employee’s access. Rarely is the concern a hardware or software vulnerability. For this reason, training and communication are critical steps companies can take to minimize the likelihood of breaches. It’s important for companies to include security as part of their core training, particularly in an increasingly remote working environment after COVID-19.
Unfortunately, gone are the days when 100% of a workforce operates on premises. This means educating employees on how to stay safe while away from the office is more important than ever.
Employees should understand why security mindfulness and security practices are a discipline and a continuous exercise. Employers, in turn, need to prioritize security training during business hours and validate completion of the necessary learning modules. In essence, if your people aren’t trained or aware of cyber security risks, are they being set up for success or failure?
2. Keep systems up-to-date
Keeping things up-to-date can be tedious, particularly when we have so many apps and operating systems. With limited time, people often choose to forgo their updates, and this can be a dangerous decision.
When developers publish Patch Notes or Release Notes for a version update, they usually list fixed bugs and patched vulnerabilities. Unfortunately, people who don’t update their apps remain exposed to the very vulnerabilities listed in those release notes, and the notes themselves can serve as an instruction manual to a malicious actor.
Keeping our apps and systems up-to-date prevents known vulnerabilities from being used to attack us.
3. Use Antivirus/Anti-Malware software
Only install software from known and trusted sources. This is especially true for Antivirus and Anti-Malware software as it is trusted with the responsibility for keeping your devices safe. CloudAdvisors budgets for this to ensure we secure each device properly.
4. Principle of least privilege
The Principle of Least Privilege states that a subject should have only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right. Simply put, limiting access to systems, files, networks, and applications will mitigate some of the most common vulnerabilities.
A company has a responsibility not to unnecessarily put its employees in a position of risk, particularly when there is no measurable benefit to increasing their access levels. Following this discipline sometimes slows processes down because of the increased scrutiny, but this is a healthy balance between security and convenience.
5. Be careful what you click and open
In an age where tracking beacons and data mining are the norm, people in privileged positions are more likely to be targets of hacking and exploitation. At CloudAdvisors, our onboarding journey requires each new hire to learn basic security principles, including helpful habits.
To begin with, don’t visit unknown websites or download software from untrusted sources. Unverified sites often host malware that will automatically install, compromising your device (phone or computer).
If attachments or links in an email are unexpected or suspicious for any reason, don’t click on them. Don’t download attachments, or click on the ‘unsubscribe’ button either.