Data breaches are constantly in the news. Every couple of days there’s a story about personal information that has somehow made it into the public domain. It’s something that all businesses have to guard against, especially with the average cost to enterprises rising 15% to $3.5 million, according to the Ponemon Institute’s latest report. You may have a robust custom network, but your piece of the puzzle is looking after the security of the data that flows across it. A secure data access plan can help. Here are some of the areas you need to consider when creating one.
Who has Access?
Did you know that many of the most serious security breaches can be caused by insiders who don’t take adequate account of security needs? An Oracle guideline suggests that enterprises must take account of:
- physical accessibility to computer devices
- the personnel that are administering your system
- procedures for operating your system
- technical details related to the storage, use and transmission of data.
Consider how you can reduce tampering and maintain confidentiality, while still giving access to people who need it.
Who Needs Access?
It’s worth assessing whether everyone who has access to data really needs it. Do all employees have to have access to all company information?Probably not. Your data access plan should include rules for data accessibility and integrate these into your network setup. Consider how to secure web access via firewalls and other fail safes.
What about Mobile?
More people are using their mobile devices to work on company information at times and places that suit them. Your plan should include rules for mobile device access, too, perhaps placing limits on what information is available to these devices. Include a policy for handling the loss or theft of these devices, including the ability to wipe devices remotely if necessary to protect sensitive data.
How can Employees Help?
As we’ve mentioned before, educating employees is a key part of making a secure data access plan work. Not only do they need to know about your data security policy and their role in protecting company data, but they should know:
- how to create and use secure passwords
- how to enable multi-factor authentication for devices and websites
- how to install and use anti-malware and antivirus apps
- how to improve security settings
Employee education reduces the likelihood of breaches through human error.
New threats surface all the time, so be sure to review your plan regularly to make sure that you’re prepared for any data breaches that might affect your business.