You may be aware of the uber techie bad boy hackers of Anonymous/Lulz/Anti-sec/Wikileaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised? A recent study “gathered 3,765 publicly disclosed data breach incidents occurring in 33 countries during 2005-2010. The incidents included over 806.2 million known records being disclosed– averaging more than 388,000 records per day/15,000 records per hour every single day for the past six years.”
#1 Not all data is hacked. Exercise basic to advanced premise/physical security such as access control, security cameras and alarms.
#2 Limit the amount of data required from customers. If you don’t really need a Social Security number then don’t store it. If credit card information doesn’t need to be stored then don’t store it.
#3 Recognize that knowledge based authentication questions as password resets can bring down the house. Many of the answers can be found in social media sites.
#4 Laptops are one of the biggest data breach points. Laptop data should be encrypted. Laptops should never be left in a car overnight or left in a hotel room or office alone or on a coffee table in a café unattended. Laptop tracking software that locates and wipes data is essential.
#5 Train, train, train, train. Training on data security and what to do, and what not to do is priority number one. Clicking links in emails, downloading anything from the web or email, opening attachments in emails, have all been recent successful ways to infect a network.