Client Login

7/16/2019 By Carrie Scott and Justin Holden

These days it seems that one hears about a new data breach, technical security issue or spoofing/malicious attack every week.  With these instances happening more and more, companies and individuals who use data or technology for their everyday livelihood need to be all the more cautious.  While there is no one size fits all solution for data security, there are some steps that can provide safeguards toward these types of issues.  At KCIC, the security of our systems and the data of our clients is of the utmost importance. While the world of data security is vast and there are many options and possible solutions to implement for data security, we found the below tips to be a starting point for general best practices.

1.    Use Anti-Virus software

Anti-Virus software is essential in today’s world. Malware infections are one of the most common ways bad-actors can compromise a company’s infrastructure and data. Maintaining and updating state of the art Anti-Virus software is the simplest, easiest, and most effective way of combatting malware and keeping your systems safe.

2.    Use a Firewall

Be it hardware or software based, a firewall is one of the most important components for maintaining network security in an office environment. Think of a firewall as the protective barrier that surrounds the internal online/network environment, it will manage and control the flow of incoming and outgoing traffic on a network and can provide crucial defense from attackers.

3.    Enforce safe password practices

Passwords are the proverbial ‘keys to the kingdom’, yet according to the 2019 Verizon Data Breach Investigations Report, over 60% of hacking data breaches occur as a result of stolen credentials. Therefore, protecting user passwords is key to keeping a company’s data safe.  Some actions like requiring passwords be updated every 60 to 90 days or requiring minimum password lengths and mixtures of characters are the bare minimum for keeping a business safe and secure.  While there are additional practices that can be implemented for password protection, it can’t be stated enough that the employees or end-users are often the first line in this defense; education of your users is crucial.

4.    Provide Employee Education

Arguably the most important aspect of data security is user education. All the security measures in the world won’t matter if a user is tricked into giving up their access or credentials to an attacker or if they open an attachment which contains malware.  In fact, in that same Verizon report mentioned above, they found that 94% of malware is delivered via email.  Educating users about common security threats, such as phishing attempts, spoofed email accounts and fake wireless access points, and teaching security best practices will do wonders for a company’s continued security.

5.    Take regular backups of data

Catastrophic loss of company data or client’s data is a disaster no company wants to face. Data loss can occur for a myriad of reasons, from hard-drive failures, to employee negligence, or to ransomware attacks. Having secure, recent, and complete backups can make the difference between success and failure for a company at the end of a data loss event.

6.    Draft a Plan

While no company wants to have any kind of technical disaster or data intrusion/loss, it is always good to be prepared. Just like companies have a plan in case of a fire in the building, companies should also have a plan in the event of a technical issue.  A robust plan will not just cover total technical failures but other types of incidents such as partial data loss, intrusion detections, DDOS attacks and more.  Also, don’t forget to loop in the risk manager as these incidents will always have an insurance component to them. Taking the wrong steps while in the heat of an incident and trying to remediate the issues could impact the availability of insurance coverage in the long run!  Reviewing the steps for technical and insurance recovery plan before you need them can save you a lot of time (and heartache) in the end.

Carrie Scott

About Carrie Scott

Carrie Scott is KCIC’s technology lead, both in operations/infrastructure and for development. “I work with a talented group of people to make sure our technology stays innovative and top of the line to support our client’s needs,” she says. “I also focus on the Consulting side of our practice, leading many clients through their day-to-day and long-term strategic goals.”

Learn More About Carrie