Is Your Enterprise Making Sensitive Information Unintentionally Vulnerable?

by Victor Ferguson
March 14, 2018

Most employers take great care in protecting any and all employee personal information they store, such as social security numbers and credit cards used for travel. When that care doesn’t extend to making sure employees themselves are taking effective measures for protection, the result is multiple points of potential compromise that can severely damage an enterprise’s brand.

How is your own organization doing? Consider the following three best practices to ensure that data is more completely secured throughout your enterprise.

  1. Advise employees to use a unique password for each vendor site they access. It’s unfortunately common for people to use one password for most, if not all, of the sites they routinely visit. Many who follow this practice assume that as long as they re-use a strong password not easily guessed, they’re covered. Yet if an employee uses the same password on every vendor site and any one of those sites gets compromised, the time it takes to compromise all of the sites involved is greatly reduced – making it much more difficult to prevent further damage from the intruder.
  2. Maintain an ongoing anti-phishing campaign. Cyber thieves who orchestrate phishing campaigns are gaining in sophistication, and many of the emails they send are not immediately identifiable as coming from someone other than the purported sender. That’s especially true when the email is personalized and addressed to the recipient’s business email address – and knowing the format of a single employee’s email address makes it very easy to personalize phishing emails for others. Encourage employees to report any suspicious emails they receive rather than open them or respond, so that you can block emails from that source and alert other employees that they may be targeted.
  3. Extend security policies to physical measures for documentation. Dumpster-diving is alive and well, and often turns up documentation that employees print for internal use and that includes personally identifiable information or confidential information that could be used against the company, such as meeting notes. Make sure employees have easy access to paper shredders, and that they understand the need to use them for all documents containing information of any degree of sensitivity.

A solid managed network security solution can assist in many of these measures with automated, 24/7 threat protection, including intrusion protection, anti-virus protection, DDoS mitigation and immediate updates when new threats emerge. In many cases, these services will, for example, automatically scan emails with attachments and block documents that contain viruses and malware. Enterprises that do not have such a solution, and those that haven’t upgraded recently, are encouraged to make sure they have a high level of managed security. Be sure to extend this to remote employees, who should be covered by protection on their personal internet access points.

It’s also important to remember that no managed security solution can button up an enterprise 100%. Complete security requires vigilance on the part of employees, who can form an important front-line defense against intruders who seek to gain access to information within the workplace. A program based on the three principles outlined above is a great place to start.