How’s Your Security Hygiene?
By: Paige Goss
The cost of data breaches rose to an all-time high in 2021. It spiked from an average of $3.86 million to $4.24 million, which made it the highest recorded average in the 17 years that IBM has been tracking the data. That’s big money, folks. All the more reason why you might want to check your security hygiene.
Now, there are a lot of potential reasons for the spike. Higher percentages of remote work and compromised credentials are two big ones. So, ensuring cloud security is important, as is implementing some simple best practices like 2-factor authentication. Keeping an eye on basic security hygiene policies and routines will also help to keep your company and its data safe.
Keeping your data secure starts with good data governance. That’s the umbrella term for the overall approach to your company’s data lifecycle management. So, we’re talking about who has the ability to create, edit or delete data. And, really importantly, who has the ability to access it in the first place. Just being able to see information can be enough for cyber criminals to cause serious problems.
That’s why managing your access controls is so important. It’s basically the foundation of data security. Good security hygiene means ensuring that the right people are gaining access to the right data at the right time. And nobody else is. So, Eric in accounting shouldn’t be able to access Juanita’s personnel file if he stumbles into the wrong database. And Tyrone in R&D doesn’t need access to the customer service files. If he does, then you need a procedure in place for him to formally request access.
Some basic aspects of data governance and creating effective access controls include:
- Ensuring every user has a unique account
- Prohibiting the use of shared accounts
- Instituting password complexity rules
- Assigning access rights to individual users based on roles and responsibilities
- Having policies and procedures in place for unique access requests
Just like you don’t want any ol’ person off the street to be able to walk into your home, you don’t want them hopping on your network, either. That means any device connecting to your network needs to be authenticated. And there should be a system in place to notify your IT department if an unknown device gains access to the network.
Sure, it may be annoying to have to go through an authentication process to get your new cell phone onto the company wifi. Or, to have to call IT to set up the new printer. But the reality is, good security hygiene isn’t always convenient. It’s entirely possible for a malicious party to get into your system by posing as something as seemingly innocuous as a printer. Any connection to the network is a potential avenue for someone acting maliciously to get into your system and cause havoc. So there have to be security protocols in place to ensure that only legitimate printers and cell phones and laptops get network access.
Security programs don’t run themselves, and human error is a huge contributor to data breaches. Esme in marketing may be a lovely human who means incredibly well, but writing her password on post-it notes that she constantly loses… is just not okay. Everyone in the company is responsible for keeping your data secure. Writing down login information on random scraps of paper is a recipe for a breach.
Now, if you have appropriate access controls in place, it might not be catastrophic for someone to get Esme’s login information. But it’s not worth the risk. Help your team understand that they’re responsible for preventing security breaches. Maybe create a Smokey Bear-inspired motivational poster to hang in the break room. “Only You Can Prevent Data Breaches!” Or, an even better idea is to require regular security training and perform occasional phishing exercises.
Regular Security Hygiene Check Ups
Whether it’s via penetration testing or an occasional application review, good security hygiene means having someone else look at your security from time to time. Just because you brush your teeth every night doesn’t mean you’ll be able to spot a cavity yourself. Even if you floss! You still need to go to the dentist on a regular basis to get things checked out. And your systems are the same.
Get in the habit of good security hygiene. Perform regularly scheduled updates to your software. Force password changes on the regular. Ensure your access controls are tip top. Make everyone go through periodic security training to ensure they stay sharp. And then check in on how all of those habits and routines are working. Just because it “ain’t broke” on the surface doesn’t mean it might not need fixing. When it comes to data security, prevention is the name of the game.
A Security Mindset
Think of security hygiene like going to the gym. When it becomes regular and routine, it gets easier. And it’s an important investment in something you care about. With the gym, it’s your physical health – you’re investing in your own future. With your company’s security, you’re investing in the future of your company. Both from a maintenance perspective and a future opportunity one. Maintaining excellent security hygiene can be a fundamental growth mechanism for your company – expanding your opportunities to work with current clients and opening doors you never dreamed possible. Security improvements can not only save you the cost of a data breach, they can also help land multi-million dollar contracts.
If you’re wondering about the state of your security hygiene, we’d love to help. Our security experts can diagnose any problems, recommend solutions and get them implemented in a timely and cost-effective way. Reach out to schedule a consultation.