As a digital leader, you probably have a loose understanding of data security principles. And you are doing the best you can to safeguard your business information.
But is it enough?
Cybercriminals are getting smarter and using more sophisticated techniques to attack companies’ systems.
Today, hackers can target your data through:
- Employee devices
- Remote applications
- Internet of Things
- Network routers
- And more
So what you thought were data security basics may not be enough anymore. What was good enough when you entered the workforce needs to evolve. Simply using the latest tech tools won’t cut it. This is especially important if you have invested a lot in data, but don’t have a full IT team to manage the controls around it yet.
But where do you start?
In this post, you’ll find a checklist of data security principles and practices – drafted in plain language – to help you better protect your sensitive business data. If you’re a non-technical CEO, there’s a good chance that you’ve never heard of these measures. If you implement these data security basics now, you can be confident that nothing horrible will happen until you pass off the responsibility to a CIO one day.
Before we get to the checklist, let’s quickly break down the definition of data security.
What is data security?
Data security refers to the procedures applied to protect a company’s data from unauthorized or accidental modification and disclosure. Basic data security principles include encryption, access controls, and a range of other safeguards that help preserve the confidentiality and integrity of your data.
Why is data security important?
Customer records, trade secrets, financial information, and databases are arguably your organization’s most valuable assets. Data security basics protect these assets from cyber threats.
As more companies and teams shift to a digital workplace, there are a number of threats to the data you’re storing. Hackers can attempt to steal your information by compromising your communication tools, email, website, and/or devices. As data security principles directly tie back to your company information, a successful breach could have dire consequences for your company.
A data breach could cause you:
- Reputation loss – from failing to protect customer and stakeholder data
- Financial loss – paying regulatory fines for non-compliance
- Time loss – time spent reporting a breach to a regulatory agency
And that’s just on the company side.
On a personal level, a data breach could cost you your sanity.
A recent Gartner report says that as many as 75 percent of CEOs could be held accountable for data breaches by 2024. In the unfortunate event of a data hack, you’ll need to do a lot of explaining, make multiple visits to regulatory authorities, and find ways to retain the trust of your board. Sound like fun?
Worst-case scenario: you’d be forced to resign due to negligence.
Equifax CEO Richard Smith stepped down three weeks after an uproar over the breach at his company that compromised the data of 143 million customers. Pressure got to him. This indicates that data compromise is a tough one to shrug off, so it’s imperative to have the right information safeguards in place to keep your sanity — and job — intact.
The data security checklist for CEOs
Improving data security requires a combination of approaches. The following data security checklist highlights the different measures CEOs can take to help keep their companies’ data more secure.
1. Reinforce basic security hygiene
The first step is to reinforce the data security basics in your organization. These are the measures everyone in the company should be knowledgeable about:
- Not downloading random files/videos/images
- Staying away from suspicious websites
- Using firewalls to prevent unauthorized access to your network
- Installing anti-malware, anti-virus, and anti-spyware software
- Creating strong passwords for email, website, and platforms
The best way to reinforce these measures is to set up an internal team to lead the initial security-implementation efforts. This team can encourage others to follow basic security rules and keep data top-of-mind. As the CEO, you need to champion this team and make sure they have all the authority and support they need.
2. Reduce your exposure to phishing
A-ha, that “login restricted” email will get you every time. But not if you and your staff are prepared for it. Many data breaches start with emails purporting to be from legitimate companies, which then lure you into giving out your company details (a scam known as phishing). Ways to improve your defense against phishing:
- Add an email quiz to your employee training. List example emails and ask the staff to identify if they are legitimate. Make a game out of it by recognizing personnel who answer correctly. Employee awareness is your best defense against phishing.
- Have a policy of uploading suspicious-looking files to Google Drive. Doing this converts the documents into HTML or images, helping you avoid installing potential malware on your system.
- Configure your anti-spam settings to reduce the number of fake emails landing in inboxes. Your email service provider might be able to assist with this effort. Employees, too, can provide support by forwarding junk mail to the spam filter.
3. Require remote employees to connect over a secure network
When working remotely, employees will access your company’s resources via Wi-Fi in hotel rooms, cafes, libraries, and airports. Unfortunately, public Wi-Fi networks are almost never secure. Just because a network requires a password to log in doesn’t mean a person’s online activities are encrypted.
Another risk? When attempting to connect over public Wi-Fi, there’s a possibility of joining a rogue or fake Wi-Fi network. If this happens, cyber thieves will get the opportunity to intercept the communication between the user and the sites they use, allowing them to capture valuable information, such as trade secrets, login credentials, and corporate files.
The easiest way to address these risks is to have your remote employees use a virtual private network (VPN). Using VPNs when connected to public Wi-Fi encrypts the web traffic of remote workers. This is a much better way to keep your data protected than forbidding personnel from working where they feel most productive and energized.
Go online and look for a corporate VPN to help secure your remote staff’s connections.
4. Encrypt, encrypt, encrypt
Just as you shouldn’t let anyone connect over unsecured Wi-Fi, you shouldn’t allow any workstation or employee device onto the company network unless it is encrypted.
Encryption scrambles sensitive data with an algorithm so that it can’t be read or understood by someone without the information required to unscramble it. This means that adversaries won’t be able to access your confidential information even if they manage to steal your data.
All devices in your company should be encrypted. Many mobile devices these days are encrypted by default, but it’s still best to check. For desktop systems, encrypting the hard drives will help prevent the extraction of critical data. Not sure how to do this? Just search for a device plus the word “encryption” on YouTube, and you’ll find various tutorials on how to encrypt it to make it more secure.
5. Don’t forget physical security
So much emphasis is placed on securing your data online. However, malicious actors – who could be former employees, business partners, or contractors – can steal your devices and extract data from them. Even as you protect yourself online, don’t forget to secure your storage devices physically.
Tips to help improve your physical security:
- Have your staff lock up their laptops when they are left idle on their tables.
- Restrict access to computers and servers to authorized personnel.
- Tell remote employees never to leave their computers unattended.
- Keep any removable storage media or sensitive documents securely locked in your drawer.
- Use motion sensors and tamper-proof locks to deter opportunistic thieves from stealing any smart devices connected to your network.
Take the lead on data security principles
If you are a leader, you shouldn’t consider defending against cyber threats as the sole responsibility of an IT or cybersecurity department. Rather, you must lead from the front by developing data security principles that help improve your resilience against attacks.
Use this checklist to kick-start your organization’s data security basics, and you will be able to secure your most valuable asset against current as well as future cyber threats.
Be a part of the data security solution, not the problem.