BreachExchange mailing list archives

4 tips to make data protection everyone's business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 28 Jan 2015 19:41:02 -0700

http://www.net-security.org/article.php?id=2208

Most people wrongly assume that the burden of protecting workplace data
across laptops, tablets and smartphones falls solely on your IT department.
Without active observance of company protocols, however, any data security
plan that IT puts in place falls flat, leaving your company’s data
vulnerable. You don’t necessarily need to memorize a litany of IT mandates
in order to reduce the risk of losing or compromising your work data.

Thinking twice about the cloud-based apps you download and staying
up-to-date on the latest password best practices are examples of simple,
proactive measures you can take to support your organization’s data privacy
efforts.

Here are 4 steps you can take to do your part in keeping your work data
safe:

1. Think before you download cloud apps: Cloud-based apps undoubtedly make
it easier and faster to share work data on-the-go. To put their popularity
into perspective, consider that sync and share apps alone—most of which are
targeted to a consumer vs. enterprise audience—have found their way into
nearly three quarters of companies. While it’s tempting to use these
consumer cloud apps to streamline workflows, consider the risk.

Many times, files aren’t encrypted in these consumer cloud tools and this
can put your data in danger – accessible by the cloud vendor, a government
issuing a blind subpoena or by someone hacking into the system. Storing
corporate data unencrypted in a public cloud can place your organization at
risk for theft, leaks and breaches.

2. Think twice about sharing that file: Should you put that customer list
in Dropbox? Probably not. Yes, we’re all trying to get more work done
faster, but we still have a responsibility to be mindful of corporate data.
No one wants to be the source of a high-profile data breach or security
violation that can result in millions in fines or worse.

A simple guideline is to ask yourself, “Am I OK with the New York Times
running a front-page story on this data getting breached or stolen?” The
onus is on everyone because data security really is everyone’s business.

3. Re-think your backup hygiene: When was the last time you backed up your
work files? According to Forrester's Forrsights Devices and Security
Workforce Survey, over half of employees assume their companies back up
their most important files, whether or not this is actually true. In the
same study, two-thirds of companies reported data loss due to lost or
stolen devices and accidental file deletion.

Today, most of your critical work files live on endpoints (laptops,
desktops, mobile devices), rather than centralized servers monitored and
supported by your IT department. Set yourself up for success by making sure
that you have a true backup solution in place. You want one that
automatically, continuously backs up any and all of your data where it is
created and accessed—on your devices. It should also store a second copy
of that data in a separate system. All employees need to understand that
just saving a file in the cloud is not backup.

4. Change your password: While IT can force the issue on work-issued
devices, regularly changing your passwords on any devices used to access
work decreases the chances that your data will be compromised. Does your
company offer single sign-on through identity management providers like
Okta? Use it. Single sign-on reduces the number of ways in which your
credentials can be compromised, further bolstering your data protection
efforts.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss