With all of the recent data breaches, the nervous jitters among those who have spent time ordering new credit cards or signing up for credit monitoring are no surprise. The possibilities of what might happen seem overwhelming, and with no easy cure, action perhaps seems too daunting.
The threats are daunting because we have for too long relied on others to make our online experiences safe. At home we might not see the need to install anti-virus software, use encryption, or set up a secure Wi-Fi network. At work, we assume these are just issues for the information technology department.
What we fail to recognize is that the most significant threat is people making bad decisions because they have little knowledge about data security. Our collective reliance on someone else plus a defeatist attitude predicts failure. If we don’t think about security at home, then the burden of security protections seems unnecessary at work.
We all need to do a self-assessment. Start with your passwords. Don’t use the same password or variations for multiple accounts. For mobile devices, choose six-character passwords. For laptops or desktops, use a pass-phrase, which is akin to a complete sentence. The trick is to think of a quote from a movie or a line from a song, or to pick random sentences from a book that you carry or keep in your desk or on your bookshelf. Every password should change on a 90-day cycle.
Business owners need to gain an understanding of their legal obligations to protect company information — identify what you have, know where it is kept, and determine who has access. Document your security strategy, train your employees so they understand their roles, and develop a breach response plan identifying your first responders — those you will call on when a laptop is lost, a virus shuts down your servers, a terminated employee walks out the door with a gigabyte of data, or a cybercriminal hacks your system.
Our advice: be proactive. Educate yourself and your employees about what steps each person can take to secure data. Start small, such as by discussing proper passwords and identifying suspicious emails. Work with your employees, expecting that a breach will occur, and practice your plan on a regular basis, making it more than just words on a page.