What you should be doing to protect yourself from data theft


It’s no longer a matter of “if” but “when” your company is going to suffer data theft. It happens to so many, be they a single person, a small company, or even an enterprise-level business. According to Security.org, there were more than 3,800 publicly disclosed security breaches during the first two quarters of 2019. Those breaches exposed 4.1 billion records, which was a 54% increase from quarters 1 & 2 of 2018.

That's huge, and it should give your business pause to consider what it's going to do to protect itself from data theft. Are you doing enough, or are you doing just enough to protect the data your company depends on? That data is sensitive information, including:

  • Company secrets
  • Client and customer data
  • Staff information
  • Projections and predictions

If you think about it, the data your company holds is probably staggering, and its loss could put you out of business. To that end, you should be doing everything in your power to protect yourself.

But what do you do? Where do you start?

Let's dive in and take a look at a few of the possibilities that could lead to your company enjoying a heightened level of security to protect against data theft.

Hire the right developers

Let's start out at the heart of the issue. If your current software engineers aren't capable of developing secure applications and services, you're already at risk. You need to hire developers capable of rolling heightened security into the applications and services you use. This may mean you need to look for highly-trained PHP developers or .NET developers to supplement your existing team.

When you hire software engineers who are incapable of adding security layers to your applications, you might as well call out to ne'er-do-wells, "Open season on our data!"

But even if those developers aren't capable of rolling security into their apps, they need to at least have a solid understanding of how security works. With that knowledge, they can at least make use of other technologies (such as security APIs) for the applications they create.

Create a data theft department

If your company hasn't already done this, you need to create a data theft department. This doesn't necessarily have to be a large department, staffed with numerous employees. If your business is small, this could be a single employee charged with keeping up with (and employing) best practices to help prevent data theft.

This employee will work in conjunction with your IT department and developers to ensure two things: that your company is protected, and that it knows what actions to take should it fall victim to data theft. You don't want to rely on HR or middle management to serve as your liaison to security specialists. Create a department that has one task and one task only—keeping your company safe from data theft.

Employ encryption

You should be making use of encryption. With data locked in an encrypted vault, any potential thief would have to take the time to decrypt the data before it was of any use.

Using encryption can be a time-consuming prospect, though. You'll not only have to implement the technology necessary to deploy it, you'll have to train your IT staff and your end-users to actually use it. You'll also have to make sure any client who would receive the encrypted data has the means to decrypt it.

You can also roll encryption into your PHP development projects, giving them an added layer of security.

Create and enforce security policies

You must create and enforce security policies. These can be as simple or complex as you need, but they must exist. Security policies can encompass password creation and updating; BYOD; data, hardware, and software access privileges; acceptable uses; and information sharing. In fact, there's no limit to what you can create as a security policy. If you think it could protect your data, create a policy for it.

You might also consider creating separate security policies for when an employee is within your company LAN and when an employee is outside of it. This is especially useful now with so many people working from home. Consider how users work on their home networks as opposed to how they do so when they are on your company network. There's a world of difference between those two types of LANs.

Educate your end-users

This is one of those areas that often gets brushed aside in favor of more pressing issues. However, it can’t be overstated how important it is that your end users are educated on data security. You could spend your entire company budget hardening your network and servers, but if your employees continue to infect their desktops with malware, ransomware, and trojans, you might as well be tossing that budget out the window and leaving your company data wide open for anyone to take.

End-users need to understand the role they play in data security, and it's up to you to ensure they get the training and education necessary. Never underestimate the importance of an educated employee base.

Define which data must have the strongest protection

If you just assume every piece of data your company has is of the utmost importance, you might wind up spending precious time and resources protecting data that doesn't necessarily need as much security.

For instance, bookmarks and browsing history aren't nearly as important as client contact information. In fact, those two data types are leagues apart. Client contact information could include credit card numbers. Sure, an employee's browsing history might contain some embarrassing links, but it won't risk the livelihood of your company or your company's clients.

Because of this, you should define what data requires the strongest protections. Build a tiered system so you know which levels of data demand more security focus than others. That way, you can spend time and resources where they're most needed.

Conclusion

This short list should go a long way toward helping your company know what it should be doing to protect against data theft. You can build upon this list to create a plan to help make sure the data your company depends upon never lands in the wrong hands.

Just remember, if you follow this plan, you'll have an employee (or team of employees) who knows exactly what to do should you suffer a data breach.