We think 2020 will be a year of digital transformation for organizations all over the world. In this blog series, we cover common workplace productivity roadblocks and how you can overcome them through digitization.
Is your data vulnerable?
Are you at risk for a cyberattack?
What protections are in place to ensure your data is safe?
As organizations continue to invest in new and innovative digital solutions, these questions have become incredibly important to ask. New technology and digital processes can revolutionize how you do work, but they can also create new vulnerabilities and expose security issues.
According to the FBI’s 2019 Internet Crime Report, more than $3.5 billion was reported lost as the result of cyber crimes in 2019 alone. That’s an astounding number that impacts revenue, reputation, and overall business operations.
In fact, AT&T’s Cybersecurity and Enterprise Strategy Group found a direct correlation between the level of security at an organization and business outcomes. This finding is supported by a Ponemon Institute report, which states the average cost savings of adopting a preventative solution to cyberattacks is $800,000.
As more companies adopt work-from-home policies and new technology, data security is more important than ever. The last thing you need to deal with in 2020 is a major data breach. With 7 million data records compromised a day across the globe, the risk of a data breach cannot be ignored.
Data security needs to be a high priority for all organizations. Although we often see large retailers and healthcare organizations highlighted in the news for data breaches, all industries are vulnerable to security threats.
If your organization is going through a digital transformation to address the rapid changes happening around us, it’s time to take a look at your data security practices. Even if you haven’t invested in any new technology or processes, it’s always a good idea to audit your data security to ensure your organization—and data—is protected.
Here are four ways to improve data security and better protect data from hackers and cyber security threats.
1. Improve passwords across the organization.
Strong passwords are incredibly important to data security. But many organizations struggle with improving this area of data protection. Even though 91% of people understand that using the same password for multiple accounts is a security risk, 59% “mostly or always” use the same password.
What’s worse is that people are using passwords that take just seconds to crack across multiple accounts. We’re not talking about cracking passwords through advanced technology or algorithms either; these are passwords that nearly anyone can guess.
These statistics shed light on the scary reality of how poor passwords can be across your organization. To reverse this, implement security best practices at your organization. Work with your IT and compliance teams to see what can be implemented across your tools to ensure stronger passwords.
First, train employees on what makes a strong password:
- Is at least eight characters long, but the longer the better
- Uses both upper and lower case letters (passwords are case sensitive) Contains numbers
- Uses at least one non-alphabetic character, such as ! @ # $ % * ( ) – + = , < > : “ ‘ .
- Does not use any personal information (names of pets or children, birth date, social security number, phone number, address, places, etc.)
- Is unique and not used previously
Next, audit the password security features of your tools.
There may be opportunities within your current tools to easily strengthen passwords. For instance, when setting up Formstack, administrators can require users to select passwords that meet a predetermined length and mix of alpha and numeric characters. They can also set safeguards to prevent employees from reusing existing passwords. Investigate what password protection safeguards are offered by all of your tools and products to ensure you’re getting the most out of their built-in security features.
Continue to investigate helpful password protection measures.
Once you have created employee training on password standards and enabled all the password features of your current tools, it’s time to investigate other password protection measures you could add.
Some things to consider are secure password management tools, adding two-factor authorization, ensuring passwords are not saved to computers or browsers, and enforcing password updates every 90 days. You might also consider looking into next-gen authorization technology to further improve password security.
2. Encrypt data at all times.
Before we dig into how to encrypt data, it’s important to understand what data encryption is, how it works, and why it is important.
We think this statement from McAfee puts it best:
“Data encryption scrambles data into ‘ciphertext’ to render it unreadable to anyone without the correct decryption key or password. Strong encryption solutions combined with effective key management protect sensitive data from unauthorized access, modification, disclosure or theft, and are thus a critical component of any security program. Data encryption can be employed both for data that is stored (‘at rest’) and for data that is being transmitted or transported (‘in motion’).”
At its core, data encryption is used to add a strong layer of protection and defense to your data. It keeps data confidential as it is sent across the web and stored within a database. Without data encryption, your data is like a sitting duck: vulnerable to cyberattacks and data hacks.
There are many types of data encryption available. Advanced Encryption Standard (AES) is the U.S. government standard as of 2002 and used worldwide. At a minimum, be on the lookout for industry standards including 256-Bit Secure Sockets Layer (SSL) and PGP (Pretty Good Privacy) for encrypting and decrypting email.
Encrypting sensitive data is crucial to protecting that data from hackers. It is one of the best ways to keep customer and employee data private so your organization stays off data breach lists. Data encryption is also incredibly important in regards to fulfilling various compliance standards, which we dig into next.
Learn More: How to Know Your Data Is Protected Within an App
3. Use software that understands compliance regulations within your industry.
Most organizations collect a lot of personally identifiable information, such as names, addresses, phone numbers, and passwords. Some may even collect far more sensitive information, such as credit card numbers, social security numbers, and license information.
Collecting this type of data plays into many different industry regulations and compliance standards, such as HIPAA, GDPR, WCAG, and PCI. Many industry regulations have strict guidelines on how to appropriately collect, secure, or share sensitive data. If your organization is found noncompliant with the regulations that mandate data protection within your industry, you could face large fines and other repercussions.
To ensure your organization is in line with industry standards, use software that understands your compliance needs. If you collect protected health information, you need to work with HIPAA compliant software to ensure your data management aligns with HIPAA standards. If you accept, process, store, or transmit credit card information, you need to maintain a secure environment and follow PCI requirements.
Working with software that aligns with industry regulations ensures you have another layer of protection. It also creates an automatic understanding between you and the provider on the needs of your organization. Plus, as new regulations are created and others change, your software will update as necessary without a heavy lift on your end.
4. Enforce strong security standards.
Changing the way employees create passwords, secure data, and use tools takes time, perseverance, and understanding. To ensure the changes that need to be made become habits, it’s important to continually train employees on the importance of data privacy and security standards.
Use your source of truth to create a specific area dedicated to educating employees on security standards, operating practices, and compliance regulations. Create a Q&A page and form for employees to address any confusion or questions around data security practices. This will help create clarity and transparency around new procedures and updates.
Once your data security source of truth is created, your leadership, compliance, and IT team need to echo the same message throughout your organization. It’s also important that all managers understand the importance of data security and are discussing security operations on a regular basis with employees. The more commonplace your security rules and regulations become, the easier it will be for employees to remember them and enact them.
As our world continues to move away from paper-based processes and into a completely digital realm, it’s important to keep data security top of mind at all times. By selecting the right technology, enacting the right policies, and training employees, you’ll better protect your data, employees, customers, and organizations from security threats and hackers.