Don't be a Victim or Contributor to the Next Recent Data Breach!

Unfortunately, impenetrable firewalls and up to the minute defensive software aren’t enough to keep organization (and consumers personal information) safe from cyber attacks and data breaches. Information technology teams could be doing every that is needed correctly, but companies may still be at risk from internal threats – because just one employee lets their guard down and compromises the safekeeping of personal data.

It’s a fact that most data breaches and other security incidences occur because of employee negligence. Many companies simply do not have privacy and data protection awareness training for employees and others with access to sensitive information. Even more companies do not have programs in place to train customer service staff to deal with consumer inquiries regarding a data breach after it has occurred.

Cybersecurity and data breach preparedness is everyone’s job, June is National Internet Safety Month; the perfect time to foster a proactive culture of vigilance among consumers and more importantly employees, who hold many people’s information in their hands. Since it is likely that nearly everyone in just about every business and organization uses the Internet in some capacity, it is imperative that they be aware of personal cyber risks.

This month, Advanced Florida Security and Investigation believes it is imperative to consider our personal responsibility in the following areas and also in providing training programs on these vital topics if you are a business owner or manager:
• BYOD (Bring Your Own Device) – Nowadays, it is very common for employees to use personal devices such as smartphones and tablets to do work activities such as send emails and access personal data on company servers. Every organization should have a clearly defined BYOD policy and all employees should be aware of expectations and limitations regarding their use of personal devices at work.
• Control personal Internet use at work – During lunch hours and coffee breaks, employees are typically free to shop online and check their personal emails. They may also be doing these personal activities during down times at work, but are they using company systems to do it? Personal Internet activity at work does not just threaten productivity, but more importantly, it may put your systems at risk, too. Bogus websites (such as was used in the Anthem mega data breach late last year and the U.S employee data breach this year), suspicious links and email attachments can expose your data and systems to viruses, malware and data breaches.
• Route all software downloads through the IT team – As part of a company’s cybersecurity policies, employees understand that only the IT team is authorized to download software. If an employee wishes to download business-related software to his or her work PC, they should have IT review the software first and then download it for them. This not only helps ensure that the IT team is aware of every piece of software in your system but that it is safe to download and downloaded correctly.
• Email information security – Email is a primary mode of communication in many offices, and it is definitely not unusual for key employees to handle hundreds of emails each and every day. Policies should be established as to what type of information can be shared via email. This will help to protect business’ sensitive data.
• Password protection – Compromised employee credentials has been linked to many data breaches such as the Anthem mega data breach that occurred late last year and was disclosed earlier in 2015. Recently, a U.S employee data breach tied to Chinese intelligence involved a similar modus operandi. Investigators believe that in both cases, hackers registered deceptively named websites to capture employee names and passwords. It is absolutely vital that employees not only protect their logon IDs and passwords, but that they craft strong passwords and change them regularly to ensure that personal information is secure.

While June is a great time to focus on cybersecurity, the focus and dialogue between employers and employees should continue year round. As individual consumers, we should also be aware of how we access and use data. Data breaches pose significant risks to everyone. Every company should strive to ensure their organization is well protected and every consumer should strive to protect their personal information as best they can. For more information and assistance if you have been the victim of a cyber attack or data breach, contact Advanced Florida Security and Investigation.