A series of high-profile data breaches in 2017 made it clear that it is becoming more difficult to protect your own and your customers' sensitive information from nefarious agents. As businesses expand, they develop and implement security policies that help protect their sensitive information from outsiders. Still, business growth means more computers, more laptops and more mobile phones—and more network endpoints means more security vulnerabilities and more opportunities for a small oversight to turn into a major data breach.
Financial data breaches can spell disaster, especially for small businesses that have fewer resources to allocate toward proactive security measures and fraud prevention. To help out, we've outlined five steps that you can take to maximize your financial data protection in 2018.
Take Inventory of Your Sensitive Financial Data
The first step to effective financial data protection is to identify the data that is most important to protect. Your full assessment should answer the following questions:
- What data do I need to secure?
- What computers, servers, laptops, networks, or other devices is the information stored on?
- What devices can be used to access the data?
- What roles/titles will have permission to view the data?
The best way to start enhancing data security is by restricting access. Isolate or segregate the data onto the fewest devices possible, and make it accessible to the fewest people possible. Conduct thorough background checks and ask for references when hiring employees who will come into contact with financial data.
Implement Effective Password Controls
Passwords are an important security measure used to prevent unauthorized users from accessing company laptops, e-mail accounts and other resources that could contain sensitive financial information. Password controls are a set of imposed guidelines for how your staff should set up the passwords that they use to access your sensitive data. Typical password controls include:
- Ensuring that passwords are long enough and that they contain a mixture of upper- and lower-case letters, numbers and symbols. As passwords get longer, they become exponentially harder to crack by brute force. Attackers use all kinds of tricks to try to guess passwords—writing software that guesses dictionary words or combinations of dictionary words, or that guesses birth dates formatted in different ways. Passwords should be 10-12 characters long.
- Ensuring that passwords are changed on a regular basis, at least every 90 days for passwords used to access sensitive financial data.
- Ensuring that each individual user is assigned one username and password, and that login credentials are never shared.
Protect Your Network with a Firewall
Companies storing and transmitting financial data on an internal network should implement a firewall. A firewall is a hardware or software security device that monitors all incoming and outgoing network traffic and uses predefined security guidelines to determine whether it should be allowed or blocked. Firewalls establish a barrier between your trusted internal network and unauthorized external actors that might try to access or attack it.
You may want to hire a cyber security expert who can help customize your firewall to your unique circumstances and advise you on how to address other potential network security threats.
Look Out for Phishing Scams
Sometimes, fraudsters don't have to gain access to your systems using technological means to attack your company financially. E-mail phishing scams can fool your unsuspecting employees in the worst ways—entering their login information into a fake portal, or opening a malicious program that steals sensitive information from their inbox, copies their contact list, and forwards malicious e-mails to others.
Employees need to be educated about the most current fraud and phishing scams and how to avoid them. They should be instructed to access sensitive data only from a secured network, using their company device, and only through the prescribed channels—never by clicking a link in a newly received e-mail. Employees should never open unexpected e-mail attachments, and should report all suspicious e-mails to the company's IT department.
Use Data Encryption
Encryption transforms stored data into an unreadable form, ensuring that only someone holding the encryption key can decrypt the data and use it for its intended purpose. Encrypting stored data acts as an insurance policy in case the data is ever lost or stolen. If a hacker or thief gets their hands on properly encrypted data, chances are they still won't be able to recover any meaningful information that could be used to harm you, your company, or your customers.
You can also use encryption to reduce the vulnerability of network endpoints like computers and mobile phones. Mobile phones should be encrypted, and you should be able to wipe them remotely in case one is ever lost or stolen. Encryption can be used to encode the data on a computer hard drive, preventing anyone from reading it who doesn't have access to the encryption key.
Organizations can maximize their financial data protection by implementing the right proactive policies and procedures, even without a large investment in security measures. Organizations should start by taking an inventory of their financial data, understanding how it is stored and accessed, and restricting that access exclusively to those who need it. Implementing stringent password controls and investing in network security devices like a firewall can significantly reduce the risk of a data breach. Further, employees should be trained to avoid unknown links and e-mail attachments, and report any suspected phishing scams to your IT department. Finally, stored financial data can be further secured through encryption, reducing the likelihood that the data could be used for harm even if it were stolen.