Securing company data is like fixing a roof—you don’t think about it until you have a leak. And those leaks can be expensive. The global average cost of a data breach was $4.24 million in 2021, according to an IBM report. (Talk about breaking into your rainy-day fund!)
Of course, that number—the $4.24 million global cost of a data breach—includes breaches from some pretty high-profile companies. (For example, Facebook and Amazon had a breach in 2021.) So, it’s not like your company will necessarily be swindled out of millions. But there’s definitely a lesson to be learned here.
Clearly, company data protection isn’t something you should worry about after a leak or after an employee suddenly leaves on bad terms. Securing your company data is critical to protecting your money and your business.
Check out our HR best practices for keeping your company’s information safe. We asked our top inside experts for their advice. So we’ve added HR pro tips to keep burglars from stealing your data – and your hard-earned money.
5 Crucial Company Data Security Best Practices
Big companies are, in general, way ahead in the ever-changing data protection game. But there’s a lot that small businesses can learn from their best practices. (Underdogs, unite!) We’ve listed the ways to protect yourself against security breaches that we’re seeing with our larger clients.
1. Protect Against Phishing Scams
Unfortunately, phishing scams are becoming more common and – what’s worse – they’re becoming more sophisticated. Generally, a scammer will pose as the owner of a company and ask their accounting department to make a transfer to a new bank account. Many phishing attacks simply send a fake invoice or ask for payment in gift cards.
The problem is that scammers know their stuff. There are no stand-out grammatical errors in the invoices and no elaborate requests, and they look legit. The best way to combat scams is to raise employee awareness of what popular scams look like, how to flag new account transfers, and how to scrutinize any requests for money.
The $121 Million Email Scam
According to Bloomberg, scammers orchestrated a scheme that sent fake emails to trick Facebook and Google employees. The thieves pretended to represent one of their hardware makers, Quanta Computer. They told Facebook and Google workers that the companies owed Quanta money, and then directed that payments be sent to bank accounts controlled by the scammers. The scheme netted about $23 million from Google in 2013 and about $98 million from Facebook in 2015.
2. Install a Firewall
A firewall acts as a barrier that monitors and blocks suspicious traffic. It’s the moat around your castle, only built out of cyber-bricks. Firewalls are the first line of defense in network security and establish a barrier for your controlled internal networks.
Big companies rely heavily on basic measures like two-factor authentication, firewalls and anti-malware solutions. Be sure to install quality antivirus and anti-malware software on all computers used for company purposes, and set up regular scans. Protect your network with security software and always keep this software up to date. Trust us, a quality firewall is a must-have. There’s a reason why major businesses invest in the protection a firewall offers.
3. Back Up Files
If it’s not already part of your security routine, be sure to back up your files on a regular basis. If your files are ever compromised, you don’t want to risk losing everything you’ve worked so hard to build. Having a recent backup will enable you to restore your data so you can continue to operate. (Thank you, cloned files.)
Failure to back up data compromises your information. Having all of your data in one place opens you up to the risk of theft, viruses, malware and ransomware. In the case of data loss, having redundant backups is critically important.
Be sure to make it a point to back up files when off-boarding employees. It’s just the reality of the corporate world – employees come and go. Unfortunately, many departing employees end up unknowingly taking confidential corporate information with them. You need to have a process to wipe company data, Men in Black-style, from employees’ devices when they leave.
HR Pro Tip
Have processes in place for off-boarding and device disposal for any laptop, computer, thumb drive or any equipment that stores company data.
4. Limit Access
This is a big one. You should only provide employees with the access they need to perform their job. Sharing too much information is a risk to data security and makes it difficult to pinpoint where a breach started.
Get with your human resources team. Experienced HR can set your business up for success and implement appropriate access controls. (Need kick-ass HR? We know some people.) Let HR define the data that an employee needs to use even before hiring or onboarding them. Limited access = optimal employee data protection.
Let HR train employees on your internet safety and security policy and procedures, your security software, recognizing potential security threats, and creating strong passwords. It’s important to make sure everyone knows your company policies on data security.
5. Know Where Your Data Is and Where It’s Going
It’s important to know what data is being stored and where. This includes laptops, company hard drives, company-issued cell phones and other electronic devices. You need someone on your team with compliance laser-vision: high-level visibility into all corporate data across every part of your infrastructure.
Have someone on your team who understands your data flow. That empowers you—the decision maker—with knowledge to make informed decisions on creating effective data protection policies.
HR Pro Tip
Never, ever email sensitive information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email databases are notoriously insecure, and if malicious parties get access they can often see or get everything.
The Next Step: Training Employees on Data Protection
It’s up to the higher-ups to champion employee data protection. You probably have some pretty awesome humans working at your company. Your employees are #1 in a lot of areas: customer service and revenue generation, just to name a few. Unfortunately, they’re also the #1 cybersecurity threat to your business.
The key to employee data protection is thinking ahead and being cautious. Without paying close enough attention, employees can miss easy signs of scams or other major cyber risks. Prevent scams and boost security with the following tactics:
- Always pay close attention to the sender of an email
- Don’t respond to scam emails from outside the organization
- Don’t click links in emails from outside of your organization
- Be aware that hackers pose as employees through email
- Double check the site before entering sensitive information
- Use a shredder for sensitive information
Company data is valuable, especially to small businesses. Whether your company is big or small, there is always the risk of sensitive information being stolen, leaked or handed over through various scams. As a business leader, it’s up to you to ensure employee data protection and company data security. Check out our cybersecurity checklist to see how your business is doing.