If you walked into the office this morning to find that your customer information had been compromised, or a disgruntled employee had wiped a database clean, would you be prepared? Have you set preventative measures in place to safeguard you against total loss? Do you have security features in place to help you retrieve lost data? Are you able to continue with business as usual or would a security breach such as this bring you to a standstill?
It’s a lot to think about, but according to USA Today, approximately 43% of businesses encountered a data breach at some level in the year 2014. With percentages like this, the likelihood of it happening to your business is high. So again, are you prepared? Below are a few signs to determine whether your data loss prevention plan is intact or if your company’s data is vulnerable:
1. Do you have the proper software?
Most small businesses will assume that having the basic virus protection on their computers is enough to ward off impending threats. However, the truth is that experienced hackers and even internal employees can steal, delete, or damage sensitive data despite the basic virus protection.
If all you have is a simple software package to protect against viruses, you may want to think again. Investing in more comprehensive software, such as data loss prevention software, can safeguard you against internal and external threats. Such software keeps track of suspicious behavior, blocks access when necessary, and reports it to key personnel so that the issue can be resolved before it becomes serious.
On the open source side, you could test OpenDLP:
OpenDLP is a free and open source, agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows, UNIX, MySQL, or MSSQL credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems, UNIX systems, MySQL databases, or MSSQL databases from a centralized web application. OpenDLP has two components:
- A web application to manage Windows agents and Windows/UNIX/database agentless scanners
- A Microsoft Windows agent used to perform accelerated scans of up to thousands of systems simultaneously
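As an added illustration (not OpenDLP's code and not part of the original article), this is the core idea behind scanning data at rest: walk the files, match patterns for sensitive values, and validate candidates before reporting them. The patterns, function names and sample files are assumptions constructed for the example.

```python
import os
import re
import tempfile

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US Social Security number in the common dashed form.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
PATTERNS = {"card": CARD_RE, "ssn": SSN_RE}

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the last four digits so the report is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_tree(root):
    """Return sorted (relative path, line number, kind, masked value) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            with open(os.path.join(root, rel), encoding="utf-8", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for kind, rx in PATTERNS.items():
                        for m in rx.finditer(line):
                            digits = re.sub(r"\D", "", m.group())
                            if kind == "card" and not luhn_ok(digits):
                                continue
                            findings.append((rel, lineno, kind, mask(digits)))
    return sorted(findings)

def demo():
    """Scan constructed files: a test card number, a Luhn-failing decoy, an SSN-shaped value."""
    samples = {"orders.csv": "id,card\n1,4111 1111 1111 1111\n2,1234 5678 9012 3456\n",
               "hr.txt": "Employee SSN: 078-05-1120\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_tree(root)
```

Calling `demo()` reports the SSN-shaped value and the Luhn-valid test card, and skips the decoy number that fails the checksum.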
2. Is Your Sensitive Data Encrypted?
When you have sensitive data, such as company financials, consumer information and so on, it becomes important to add several layers of protection. If you’re simply saving documents to files that are stored on company computers, this isn’t enough protection. It leaves information susceptible to being stolen and used at a later date.
Encryption is necessary when working with sensitive data. Encrypted documents require a password for someone to gain access. Without this password or encryption key, the document is seemingly useless in that the codes cannot be deciphered.
Open source offers a lot of different solutions in this field. As a first step, I’d suggest checking out the GnuPG project:
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.
There are a lot of frontend applications that you can use on your PC; a long list is available on this page
3. Is All Information Backed Up?
When files are created and software is installed on your company server, is the information being backed up? All too often, businesses make the mistake of assuming that a saved document will always be there. The truth is, if the system were to be wiped out or a file accidentally deleted, there is no getting it back.
All companies should back up their data. This way, if there is a security breach, you won’t have to waste time and money trying to recreate the pertinent information. There are several ways a company can ensure its data is backed up. These include saving everything to a physical device (e.g. a USB flash drive), setting up backup features through Microsoft, or storing all information in the cloud.
As a backup server for small to medium enterprises, I’d suggest checking out Bacula:
Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Bacula is relatively easy to use and very efficient, while offering many advanced storage management features that make it easy to find and recover lost or damaged files. In technical terms, it is an Open Source, network based backup program.
According to Source Forge statistics (rank and downloads), Bacula is by far the most popular Open Source backup program.
Or, for your personal desktop, you could check these programs
4. Do You (and Staff) Change Passwords Often?
Passwords are a great layer of protection for companies that utilize software and databases on a regular basis. Creating authentic passwords is one way to ensure they’re not compromised, but changing them from time to time is also advised. If your company passwords are simple to figure out and have been the same for the past five years, you’re leaving company data vulnerable to a breach.
Instruct your staff to switch their passwords at least once or twice a year. You should also remember to change passwords and usernames to accounts of old employees to ensure that they cannot access the information and use it to their advantage.
5. Have Your Employees Been Properly Educated?
Do you have rules and regulations in place pertaining to data protection and security? If it’s been a while since you’ve had a staff meeting or training on data protection and security, you could be at risk for a breach.
Your employees have access to important information that could easily be compromised (intentionally or unintentionally). In order to ensure that they’re aware of the potential breaches, how to handle information and passwords, and what to do if they suspect suspicious behavior, you’ll need to train them on a continual basis. Training annually, having policies and procedures in a general area and having staff sign off on contracts is a surefire way to keep everyone on the same page.
It’s a digital world we live in. While technologies and software make it easier for us to do business, they also open the doors for potential threats. If you answered ‘no’ to any of the above questions, you’re not prepared for a possible security breach. Taking preventative measures is necessary, whether you own a brick and mortar shop or an e-commerce site. If you’re not sure where your vulnerabilities lie, consult with an IT professional for a security audit to bring these risks to light.
This is a great article and very closely related to my business. I am the cofounder of EisenVault, a year-old startup with a focus on digital document management based out of Delhi, India. We come across a number of individuals and organisations which have lost data or important papers because of lack of education on data security. India not being a mature market, we are facing a tough challenge of educating small and medium sized organisations on how important it is to go digital for managing business documents.
Thanks
Vipul