7 Data Protection Strategies for Your Environment
As the person in charge of data protection and security in your office (or even in your personal life), you may just break out in cold sweat once you realize all the sensitive data your users have stored up on their devices. You wonder, “How in the world can I protect against a data breach while the computers are on my watch?”. Well, not to worry! Here’s a look at 7 actions you can take to protect that data from loss and unauthorized access while it is still under your control.
1. Educate Employees
Your users are your first line of defense. Make sure they understand the risks of data loss and access to your organization. Equip them with the knowledge and tools they need to successfully manage their data. Wikis, onboarding packets, and brown bag lunch & learns are great ways to make this happen. Furthermore, friendly reminders on data management are greatly appreciated.
2. Passwords, Passwords, Passwords
Many users have a system for remembering passwords – some do not and just keep the same password for EVERYTHING (bank account, work email, computer, social media, etc.). This is big no-no for data protection! Having a sound password policy would be a huge step in protecting yourself from these potential security gaps. Moreover, you may just force these technology laggards to adopt a sound password strategy, starting with your environment!
For some, data loss is nearly as bad as a data breach! To combat this issue, schedule nightly backups with a native backup client or a 3rd party backup system. If another computer bites the dust, you can be the hero restoring your users in a few quick clicks!
4. File Permissions
One of the best ways to prevent unauthorized access or transmission of files is to lock down the files to only the users who need them. If I am a developer, I likely would never need to access our employees’ HR documents and an HR team member likely would never need to dabble in our code – remove this possibility with file permissions. Again, this could be done via native file permissions or a 3rd party (like Google Drive).
5. Physical Locks
No matter how good your software security measures are, physical security is low hanging fruit in terms of data protection. After a computer is stolen, it would be very hard to recover any important data off that machine since your user cannot physically access it anymore (not to mention the bad guys are one step closer to grabbing data off that machine since they now have it in their possession). There are many options when it comes to physical locks on the computer (some even resemble bicycle locks). A disadvantage to physical locks is that it severely prohibits laptop portability. If that is not an issue for your employees, this might not be a bad idea!
6. Hard Drive Encryption
With today’s technological capabilities, hard drives are easily accessible via many USB adapters and hard drive bays. In short, this means IF a computer is stolen and unscrupulous agents are able to connect directly to the hard drive, data may flow into the wrong hands very quickly. Encrypting devices is an easy way to protect against this issue, setting up a forcefield around the hard drive and the data itself in the event the physical machine gets stolen. There are many out-of-the-box options for encrypting your machines such as FileVault (Mac) & BitLocker (PC).
7. Proactive Swap Schedules
Finally, one last thought on data protection comes down to hardware and software management. Many organizations do not have a plan in place for proactively swapping users’ old machines (after the warranty ends or after a certain timeframe). Instead, swaps are typically done reactively (once the machine breaks down or has an issue). This approach results in many out-dated machines in the environment, some with an operating system or software that may not be supported anymore! To counter this issue, try proactively swapping your users 6 months before their machine goes out of warranty. The long run gain on this is a more consistent environment, happy users, a more focused IT staff, and the ability to turn those machines into cash sooner rather than later!