Proprietary information makes your business special, whether you're a startup with a smart algorithm or a food manufacturer with a secret sauce. Regardless of industry, business gains competitive advantage from distinct practices or unique data. The last thing you want is someone with ill intent getting their hands on those differentiators.
We all know cybercriminals are trying to gain unauthorized access to your computers. Most attention is on hackers stealing personal data, or malware attacks that render computers useless unless a ransom is paid. Other prime reasons bad actors seek out technology vulnerabilities are for corporate espionage or to make a buck selling your proprietary information to the highest bidder. Those bidders could be your competitors or even a foreign state actor looking to blackmail your businesses or even your own government.
Trade secrets, business strategies, or product designs could all be at risk. To help avoid this, here are 5 things every business, from a small mom and pop bakery, up to even the largest organizations should be doing:
Limit Access to a Need-to-Know Basis
For some, it might sound a little cloak and dagger. For others, it's common sense: "you don't have clearance for that." Limiting access based on roles builds a stronger perimeter around proprietary data.
The front receptionist doesn't need the same level of access to data and information as the founder or partner group. Similarly accountants don't need access to the same things the technicians or cooks in the kitchen do.
This cuts the risk of inadvertent exposure and insider threats, plus, it helps contain possible damage in the event of a breach. If one person's access credentials are compromised, a hacker will only get so far.
Educate and Audit
Check your control over proprietary data, and regularly audit what critical information you have and who has access to that data. It's easy to lose track of who has access to what in the daily flurry of things and this can be a major issue in the event of a breach.
Also, vet employees to prevent bad actors from getting inside your security perimeter. The recent Solarwinds breach was perpetrated by bad actors actually managing to be employed by the company in a story seemingly straight out of a movie.
Ongoing education can also help, as it will keep best practices top of mind with your employees.
Limit Personal Device Usage
Many employees have smartphones, laptops, or tablets they can't live without. The reality however is those devices present another potential security issue. If you're going to allow Bring Your Own Device (BYOD), you need to establish strict guidelines.
The business should:
- ask employees to register any personal devices used for work;
- segregate personal devices from the business network;
- install remote monitoring to allow you to audit device access and ensure best practices;
- require up-to-date software and vulnerability patching;
- create a separate, encrypted drive on those personal devices for work data.
Also, ban the installation of hardware or software on office computers without involving IT. This can avoid someone downloading and installing a program that provides third-party access. The employee or department didn't mean to cause a security breach, but you want to be safe.
Protect Multifunction Devices, Too
Even with businesses doing more in the cloud, we still use printers, scanners, and copiers. Any of these could have internal storage that stores the data your users send to them. These devices are also often attached to your network, and there's a good chance nobody's changed the default password from the manufacturer.
Shore up security. Give these devices their own network segment, separated from the main systems and workstations. This also goes for any smart devices such as camera systems, smart vending machines, and even things like smart TVs.
Destroy Any Hardware Properly
When you upgrade to new hardware, what do you do with the old stuff? In many cases, it will sit unattended in a closet somewhere, or get boxed up and sent to an auctioneer without first clearing the hard drive. Work with a certified data destruction company. They can wipe your technology clean before resale or destroy them effectively.
Plus, keep in mind that paper remains a threat, too. Your employees need to be aware that a messy desk can mean documents go missing or get mixed up, and it is that much easier for a visitor to see and take an important document.
Security Gets Complex in 2021
It's an unfortunate fact that attackers are running rampant in the computer and technology space and there are no signs of them slowing down. Businesses of all sizes are targets and should act accordingly. The tips provided above can provide a foundational framework for securing your own company. Of course, sometimes you might need help with that. If you think you may need a partner to help implement process and policy to secure your company, let us know!