Headlines continually appear with news of the latest cyber-attack and articles about hackers compromising, selling, or ransoming client data, and in record numbers. However, there are actions you can take, just as with any threat, to minimize risk, and you retain a positive reputation with your clients.
1. Do Not Repeat the Use of Passwords
Make it policy, a mandate, that all employees have unique passwords in the workplace. Make sure it is not remotely close to the passwords they may use at home or for their personal use, like online banking. More than ever before, passwords are being hacked. That said, when asked to change your password, think about it and consider what is required for a hacker-proof password.
If you have a hard time recalling all these passwords, and most people do, then consider an investment in the latest password management tool. It will be worth it.
2. Go on a Shredding Frenzy!
Does your recycling bins look like a dumping ground for sensitive data? Are you sure? Small businesses recycle bins, and dumpsters are a prime target for those looking to profit off your valuable client data. It is the law to shred almost all sensitive client documents and not just good practice. It only takes about 5 seconds to shred documents, or you can sign a contract with a reputable and secure shredding company. Some of these companies will even shred and destroy old hard drives as well.
Remember, it is not just a best practice to shred those sensitive client documents; it is the law in almost every instance.
3. Get Rid of the Accounting Spreadsheets
Are you still using Excel documents to crunch all your numbers? This use of spreadsheets not only makes the accountant’s job more challenging and more costly but also opens up your company to a broad scope of vulnerabilities. Spreadsheets are not designed to protect yours or your clients’ financial data, even if they are password protected.
There are accounting solutions that have built-in protection for you and your clients’ protection and security. The upgrade is worth it. Upgrade to an appropriate accounting solution with built-in customer data protections and security guarantees.
4. Train Your Employees Well
Do not rely on common sense. It may be familiar to you as an IT professional, but not typical for non-IT employees. Holding regular data-safety and cybersecurity training events a few times a year is good practice. It provides a reminder to current employees and ensures new staff knows how things should be done.
It can be very beneficial to hold special data-safety training meetings once or twice a year as a reminder, in addition to taking the time to induct new staff into the way things are done.
5. Limit Employee Access to Data (Need to Know)
You can limit access to data based on “need-to-know.” Just like a manager may guard the keys to the safe and limits who receive the keys or accesses the vault, you can do the same. As quickly as you know, an employee is leaving, start limiting access to only what they need until they leave for good. Once they are gone, immediately remove their access to everything.
Set rules on who can access what. These rules are often role-based. Questions like; Do they require access to sensitive data when working remotely or from home? Should they be able only to view files, or can they change them?.
6. Update Your Software!
Having old versions of software is an open invitation to hackers and is the most preventable security issue.
Hackers look for known weaknesses in software, especially business software, and can walk right in when they find the flaw. Yes, those pop-ups and constant reminders to update can be annoying, but they are intended to help you keep data safe. Listen to them!
Updated software closes off avenues of attack for hackers and protects you against viruses and other bugs.
Do you have suggestions and comments regarding 6 Easy Tips to Protect Your Client Data? If that is the case, I kindly ask you to share them. You can leave your comments, suggestions, and inquiries here, or you can Contact Us.
Do you wish to start receiving articles about ITSM, IT Policy, IT Consulting, and other IT service management information today? Start Here!