3 Frightening Ways Your Data is Vulnerable
Cornell in Denver Colorado was recently fined over a quarter million dollars for improperly disposing private information.
In the incident, protected paper records were not shredded, rather they were dumped in an unlocked outside trash container. The protected records exposed to “dumpster diving” included sensitive and private data.
In the modern era, when we think about data breaches, we typically think about computer attacks. It’s important to consider enforcing procedures and policies across all aspects of the business. The strength of your firewall and sophistication of your password policies are rendered irrelevant if personnel across all levels of the business are not trained and supervised correctly.
In the following discussion, we examine 3 common, often overlooked sources of data breaches.
1. Your Employees
Whether its lack of training, failure of supervision, or a malicious disgruntled employee, the human element is the number one causal factor in most data breaches. Policies meant to protect and secure the handling of data-rich documents and resources are relatively easy to put down on paper, but employees must be properly trained and continuous, diligent supervision must be in place for policies to have any benefit.
Likewise, policies must be consistently implemented to protect company resources from disgruntled employees. If a termination is necessary, the time to lock-out the employees access is ideally BEFORE termination occurs, or at the very least in real-time during the termination process. Former employees who are left access, even for just hours after termination can do untold damage to security and operations. Even something as seemingly harmless as social media account access must be handled with promptness.
2. Mobile Devices
Most, if not all of your employees and support partners are going to have mobile phones. The reality is that even affordable modern phones are powerful mobile computers with extremely sophisticated capabilities. With wireless technologies like Bluetooth, phones need not be physically connected to data-sources for access.
In addition to implementing an effective “BYOD” (Bring Your Own Device) policy, features that may be active, but unneeded on computers and other devices, such as Bluetooth and open USB ports should be disabled or secured.
3. Third-Party Vendors
Cloud service providers, email and web hosting companies, and even maintenance and support vendors must be properly vetted. As an example, the infamous data breach of retailer Target is widely believed to have been initiated through their Air Conditioning vendors systems. Up-to-date compliance statements from vendors is essential, and third party personnel with physical or digital access to a companies secure information environment must comply with internal policies.
At Comtech, we implement a multitude of far-reaching measures to ensure the security of our digital, physical and human resource systems against data breach or loss. Annual third-party security compliance audits, bi-annual breach testing, ongoing training and supervision of personnel, and various physical and digital security systems all work together to ensure that we meet the highest standards for security compliance.
Are you interested in working with a partner in b2b, b2c and direct marketing and communications that understands and lives by security compliance across it’s entire operations? Then give us a call. We are Comtech, we are data security. 405-843-3185
- 5 Resources for Every Graphic Designer
- What is Data Quality and Why is it Vital?
- SEO Part 2: How Can SEO Benefit You?
- SEO Part 1: What is SEO?
- It's Time to Think About White Ink
- December, 2015
- December, 2014
- November, 2014
- October, 2014
- August, 2014
- July, 2014
- June, 2014
- May, 2014
- April, 2014
- March, 2014
- February, 2014