Ten Best Practices to Prevent Data and Privacy Breaches
6. Bank Fraud Due To Gap in Protection or Monitoring. Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.
7. Poor E-mailing Standards. Many businesses use email as if it is a secure means of communicating sensitive or confidential information. The reality is pretty much the exact opposite. Emails are available to a number of people other than the recipient, and there is generally ample opportunity for email communications to be intercepted in transit. It's more appropriate to treat emails as postcards, rather than sealed letters.
8. Failing to Choose a Secure Password. Use secure passwords. Please. In fact, many security experts are recommending the use of a pass phrase, rather than a password. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like "friday blue jeans" can be typed far quicker than a complicated password, and it doesn't need to be written down on a scrap of paper stuck to a monitor to remember it.
9. Not Securing New Computers or Hard Drives. Businesses that do not have a dedicated IT department or information security administrator should seriously consider using outside consultants to secure and lock down PCs and hardware. If the security controls available within an OS like Windows 7 are enabled and properly configured, most data breaches can be thwarted.
10. Social Engineering. Social engineers are individuals that call and claim they are from another organization. Social networks like Facebook and LinkedIn are also at risk for attackers attempting to exploit the social framework to gain access to sensitive information. The attacker may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, or contacts you by email, or through a social network, be sure that it is the person you think it is before revealing passwords or confidential information. Better yet, have a policy in place dictating who is allowed to reveal such information and under what circumstances.
If you take a look at these ten scenarios within your business, and follow the guidance provided, you can prevent the vast majority of data and privacy breach incidents