Close

+1 (888) 982-9248 info@techassure.com

Archive for category: Data Storage

by

5 Ways BYOD Policies Can Increase Data Breach Vulnerability

If you are responsible for managing risks in your organization, you know that any unforeseen incident can endanger the assets and earning capacity of a business. While it’s clearly important to have a solid insurance program in place, having a comprehensive risk control plan in place is equally important.

As the concept of Bring Your Device (BYOD) enjoys growing popularity amongst businesses, many employees are celebrating their newfound freedom of accessing data on the go beyond the confines of the cubicle. By using the BYOD concept, companies are enjoying reduced costs in the form of decreased expensive hardware configurations and are seeing the benefits of having a growing mobile workforce. However, what these firms did not anticipate was the growing possibility of data security breaches.

Hackers can breach company networks using linked applications, such as a company’s email account to access, extract and erase sensitive data. By accessing social media and personal email accounts, hackers easily obtain the information they need to wreak havoc.

In addition to securing a solid corporate insurance program for your organization, there are five things your company can do to overcome these security risks with BYOD. Jeff Stark, CPA, describes the following measures to help prevent a data security nightmare.

Identification of weaknesses and risk assessments. Sensitive data can’t be protected if it is not identified. As a result, Stark recommends that you begin by educating users on which data is confidential. It’s also important to follow up with assessments of your firm’s physical and network security. The rule of thumb is that if there is easy remote access to data storage sites from mobile devices, then effective network security is not sufficient. One measure is to ensure a password policy consisting of minimum character lengths, special characters, and changes to the password on a regular basis. Remember to have your IT department insist that employees not write down their frequently changing passwords and leave them in plain site in their workspace.

Establish levels of access. General users should not be granted access to the same areas that administrators and other higher end IT personnel have. Stark recommends that these “super-users” access a separate rights account or role for network management.

Use firewalls and encryption. Firewalls prevent unauthorized access to begin with and are a basic requirement. Network encryption adds a second layer of protection to prevent the wrong parties from accessing sensitive data.

Use offsite backup systems. Catastrophic data losses occur when in-house equipment fails or is breached. Whether it is cloud-based and/or physically located offsite, data is more adequately protected from many types of disasters as well as physical security breaches and damages.

Periodic auditing. Just because you have established data security measures, it doesn’t mean that you can now rest and let your guard down. You must carry out periodic risk assessments because of ongoing changes and upgrades in software and hardware which may change access capabilities. Stark recommends that you conduct audits at least once a year or whenever you make major change to the network.

While the BYOD concept has saved costs and facilitated a mobile workforce, it has also created a whole new set of security issues that you must address. As your organization assesses risks and establishes a solid insurance program, consider taking steps to prevent catastrophic data losses through breaches that can occur easily without a BYOD policy.

The members of TechAssure Association assist companies with insurance and risk management solutions that are unique to the technology sector. For more information on cyberliability insurance and other services, please give us a call.

by

Reducing Your Cyberliability Risk

Cyberliability is a term used to describe how much damage will be done if your company experiences a data leak. Handling private data, as every modern business does, puts you at risk for having it lost or stolen which in turn could leave you facing some very costly lawsuits. Fortunately, there are some relatively easy steps you can take to reduce your cyberliability exposures.

Don’t carry vital data around with you. Mobile devices are great for efficiency. You can look over reports or check your email almost anywhere you go. The down side is that any vital data you carry on these devices becomes a cyberliability risk. It’s too easy to lose or have a smart phone, laptop, or tablet, stolen, then all that data is there for everyone to see. A great alternative is cloud storage. It allows you to access data online without ever downloading it. You log on with a password, use the data, and log off. Nothing is stored so if your device goes missing, the data doesn’t go with it.

Password protection and firewalls are great ways to protect data, but sometimes they are not enough. If a hacker gets through these, you need data encryption as a last line of defense. When you encrypt all your data, even if someone does hack into your system and steal it, they can’t use it.

Strict password policies are something most staff members hate. Coming up with new passwords every month can be irritating and difficult. If you really want to reduce your cyber liability risk this is a vital tool to use. Do not use one password for all your personal and business accounts. All it will take is for a hacker to gain access to one of those accounts, then all of your company data is in jeopardy. It may seem like a pain and it will upset your staff, but a strict password policy will save you a lot of money in the long run.

To discover other ways in which we can help you protect your organization from cyberliability risks, please give us a call.

by

Top Risks for Data Storage Sector Revealed in the TechAssure Risk Survey

TechAssure Association, Inc has conducted its’ first risk survey for technology firms on the major risks and business concerns facing the technology industry.

The top ranking risk concerns for firms operating in the Data Storage Sector were diverse and included risk of damage to brand, image, and reputation, network, privacy, and security risks, and risks of losing intellectual property. We also found out that uncertainties that may arise from changes in regulatory corporate governance, and legal environment, fluctuations in economic conditions, inability to continue new products and services innovations, risk of failure to access capital, and interruptions in business processes were key risk concerns for the sector. Our survey also found that risks associated with partnerships with vendors and other strategic alliances as well as the inability of a firm to attract and retain key talent were top ranking risk factors for firms in data storage sector.

To retrieve a full copy of the summary of the 2013 TechAssure Association Risk Survey, please contact a TechAssure member.