Conduct a Year-End Review to Stay Secure
In our personal life, a purge of unwanted or unneeded stuff can be liberating and satisfying. In business, reviewing your online data, hardcopy records, hardware, and applications with an eye toward purging can be a satisfying and security-enhancing effort.
The end of year, when operations might be slower, is an ideal time to review and purge. A records clean-up day can be a great opportunity to urge all departments to allocate time to clean up working files, delete unneeded content, and prepare records for transfer to archives. You can even find resources on how to plan and execute a records clean-up day. Let’s take a look at some areas to target during a clean-up effort.
Review Your Data
When it comes to online data, the first step in any clean-up operation should be an analysis of what you have. Any attempt at data reduction must identify content not needed for business purposes and content an organization is not legally required to keep.
Even for content that must be retained online, ask yourself if it is necessary to retain this data on your network where it is susceptible to stealing or ransomware by inside or outside attackers. Consider opportunities to introduce offline archiving for some of your data. Data analytics tools can help organizations review large volumes of old data to determine the content available for offline storage or deletion.
For online merchants, it makes sense to constantly evaluate what customer data you are storing and make efforts to not store more than you need to. Storing credit card details opens you up to risks and vulnerability; consider integrating with mobile payments for customer convenience and improved security.
Review Your Hardcopy Records
Once the business and legal need to retain hardcopy records expires, consider working with a secure disposal vendor to shred old documents.
Review Your Storage Devices
Chances are your IT department has a room filled with old laptops, smartphones, and IoT devices. These physical assets pose several threats, including theft of the device and theft of valuable data on the device. And it may not be just insiders that have access to the old technology, but also third-party contractors and vendors in your office.
If a device cannot be repurposed, get rid of it. Throwing away the device or re-formatting are not secure disposal techniques. As with your hardcopy records, engage with a secure disposal vendor to completely retire the asset.
Review Old Applications
A clean-up day is a good time to identify old software that should be retired. Encourage employees to work with your IT team to remove applications they are not using. If you use online monitoring software, you can obtain insight into applications in use across your organization and compare this list to your list of licensed applications to identify retirement (or reduced licensing) opportunities.
Your IT team can also focus on identifying old – and potentially vulnerable – applications on your clean-up day. Hackers often scan networks in search of vulnerabilities that can be used to cause damage or gain access. A recent example of old applications doing harm is the Equifax breach. Equifax admitted that the recent hack exploited a vulnerability on its website, and good-guy hackers have found myriad old technologies running the Equifax site, many of which could be vulnerable to cyberattack. One researcher discovered a link in the source code on the Equifax consumer sign-in page that pointed to Netscape, a web browser that was discontinued in 2008.
Encourage staff to come to work in jeans and get involved in the clean-up day to help your organization maintain security. And don’t forget the holiday cookies to maintain energy and spirit!
Best Cyber Security Practices for Small Businesses
Takeaways on Protenus Healthcare Breach Reports: Insider Threats & Data Extortion
Tips For Cultivating and Training Your Next Cyber Security Employee