The owners of new businesses, for obvious reasons, are often in a rush to become operational and start earning a profit. However, they may be ignorant of the risks involved in handling sensitive data — whether their own or that of their clients. This inexperience may lead them to not prioritize data security, leaving them vulnerable to hackers and identity thieves. Learning these common mistakes may help ensure that your businesses does not fall victim to this type of security breach.
# 1: Careless Password Use
When people start working for a new business, they are often anxious to make friends and fit in fast. In the spirit of sharing, they have no qualms about giving out their passwords to their colleagues. In addition, many people use extremely simple passwords that are easy for hackers to guess — a birth date, a pet’s name and the like. Unfortunately, this careless use of passwords can seriously compromise data security.
# 2: Undefined Security Policy
New businesses often have no official policy regarding passwords, data security and the like. Setting up this type of policy can help avoid the egregious security lapses that often arise simply due to individuals not knowing to create a sufficiently complex password, to change it regularly, who to share and who not to share sensitive data with and similar concepts.
# 3: Improper Data Handling and Transfer
Businesses that are just launching often lack clear procedures for handling sensitive data. Employees, therefore, will often carelessly transfer data between different computers and individuals. For example, they often use USB drives without covering their tracks, not realizing that the data they are handling could easily fall into the wrong hands. USB drives are also known carriers of viruses and could end up infecting an entire office network if preventative measures are not set up in advance.
In addition, workers in a many businesses are issued such data devices as laptops, smart phones and memory sticks. Particularly in a new business, if they lose any of these items, they may take a long time to report the loss — if they report it at all — simply because they do not realize the necessity of doing so. In many cases, however, these lost devices contain crucial client information. Failure to report their loss means that the company is unable to guard against the misuse of the data, such as by changing passwords.
# 4: Installation of Unsafe Software
The largely unregulated environment of a new business may encourage staff to install personal software on company computers. This can be especially problematic when this software interferes with the proper function of your antivirus suite. Whether by causing computer crashes, or by introducing viruses, this causes client data to be put in jeopardy.
# 5: Poor Data Encryption
Established companies generally have well-established data encryption systems to protect data being sent over the internet. If this data is intercepted, it cannot easily be decoded and misused. New companies, however, may send sensitive data online without encrypting it. Anyone who intercepts the message has access to all the data it contains. Ensuring that all sensitive data is encrypted before it is transferred over the internet can help keep this from happening.
About the Author: Guest post contributed by Anthony Mackens, on behalf of Phoenixts.com – a training solutions provider for various courses, including CEH Certification and Certified Ethical Hacker Certification.