James Saylor, The Daily Record Newswire
Organizations need a strong security strategy to keep their data safe from loss or hacking. Data breaches cause companies and individuals to lose millions of dollars each year and have become an increasingly common occurrence.
Even the IRS recently reported that as many as 100,000 individuals’ personal information may have been compromised due to a data breach. Multinational corporations, individuals and even governmental agencies have to be on the defensive against unwanted intrusion or interception of sensitive information.
In the business world today and more specifically in the financial aspect of the business world transfers of sensitive data occur frequently. Electronic transfers of sensitive data and communication of confidential information via email and over the Internet in various ways are common occurrences. As data breaches around the globe are on the rise, it is important for businesses and individuals to remain vigilant to keep their information and the information of their customers safe.
There are some basic things that businesses can do to help internal data and that of their customers remain as secure as possible. A few security protocols include proper network and station controls to ensure that workstations are only accessible to the intended users and that each user only has access to the specific areas of the network needed to complete their jobs.
Requiring the use of strong passwords and changing of passwords routinely will help with internal security. Ensuring that mobile devices connected to the network follow basic security protocols like passwords and limited access also assist in keeping unwanted access at bay. The use of adequate firewalls and intrusion detection systems, while more costly, are necessary pieces of software to ensure that confidential data is not breached from external forces.
Perhaps one of the most important defense mechanisms for a business is to promote a culture of cybersecurity with-in the business. This ensures that everyone has awareness of what cybersecurity is and what their role is to assist the IT team in keeping the network and confidential information safe.
Something as simple as having rules requiring that any data transfer containing sensitive information use a drop box or some form secure email system helps to communicate that the firm is committed to keeping sensitive information safe.
Unfortunately, the risk of loss does not stop with the business or entity that uses the information, particularly in the context of accounting or dealing with financial information. Education about the importance of cybersecurity has to be communicated to the customer and end user of the data. Often end users are the individuals who have the most to lose and whose information is the most at risk.
Ironically they are the ones who often do not understand the risks and do not necessarily appreciate the security protocols in place by the businesses. Keeping information safe while sending and receiving it between the company and its customers is the key to having proper security protocols. Clients and customers can become agitated when the flow of information is interrupted with passwords and additional steps to access their information, like secure email. However, educating them as to why these procedures are necessary and assisting them in setting up their own protocols can help them to understand the necessity of these additional measures.
Simple suggestions for individual customers such as the use of complex passwords on a PDF file or masking identification numbers and bank account numbers will help protect the information from being easily stolen. It is important to note that the use of passwords requires that both parties know the password. Sending a password-secured document with the password for the document in the email or even in a separate unsecured email can be just as damaging as not protecting the document at all.
Best practice usually consists of a phone call to the customer with the password or setting up a password ahead of time. End users and consumers in the financial industry are often at the highest risk of individual loss and educating them is as important as protecting their data inside of the business.
Another important aspect of cybersecurity and keeping sensitive information safe is ongoing monitoring of the information and security protocols. It is important for businesses to monitor their firewall, security protocols and best practices to ensure that there are not any breaches or attempted attacks and that policies are keeping pace with the individuals whom would like to steal the data.
Likewise, individuals should not send sensitive information unprotected over the Internet and should keep basic security protocols in place like passwords on their devices and keeping their credentials for access confidential. Individuals should also check their credit reports periodically to ensure that credit cards and other financial information have not been compromised.
There are some basic steps that all businesses and individuals can take to keep confidential information safe. Although these are best practices, in the ever-evolving world of hacking and cybersecurity, there is not an absolute way to ensure 100 percent security. It is everyone’s responsibility to be vigilant and aware when it comes to cybersecurity.
—————
James Saylor is a manager with Mengel, Metzger, Barr & Co. LLP. He can be reached at (585) 423-1860 or via email at jsaylor@mmb-co.com.
