9 low-tech security threats that put company data at risk
by Jonathan Wells
Data security discussions tend to focus on modern technology concerns such as malware, phishing, Distributed Denial of Service (DDoS) and firewall breaches.
All of these are legitimate and growing security threats. Digital data breaches may gain more visibility in the press, but physical data breaches have the potential to be even worse for your business. It’s important that your business doesn’t forget to protect against the low-tech security threats to data as well.
Good backup is the backbone of data security
There are two aspects to consider regarding data security – both important and somewhat overlapping. First, you must guard against the loss of data. It’s crucial that your data not be lost, whether by damage or theft of the only copy. Doing this properly includes making sure that your off-site backup solution matches your data priorities.
Second, your business should focus of protection against inappropriate access of data. This could include – but isn’t limited to – theft, eavesdropping or cyber snooping. Backup won’t prevent these problems, and if done wrong, can increase your vulnerability to such attacks.
Don’t ignore low-tech threats to your data
Yes, you need to take appropriate precautions to guard against cyber-threats to your data. But, real-world (physical) hazards – some low-tech threats, some no-tech – haven’t disappeared.
Computer closets and locked cabinets can help protect server and storage gear. But, your employees use equipment that’s vulnerable to being unprotected, like small-form-factor desktop computers, notebooks, tablets, smartphones, pocket hard drives, flash drives and more. According to a Forrester report, on average, 26 percent of global information workers are accessing sensitive data, such as customer information and IP from devices other than dedicated work computers.
There are a number of ways company data can be breached or otherwise compromised that have nothing to do with hacking. Here are some potential risks and ways you can help defend against them:
1. Physical access: Employee keycards can help restrict and log access to an entire facility, and within it, to offices, computer closets or rooms, etc. Video recording can also be implemented for monitoring access.
2. Power problems: Surges, spikes, power interruptions and outages can easily alter or destroy data. To prevent this, ensure you are up to date with UPS's solutions and related power protection.
3. Environmental problems: Fire, water, heat, cold, smoke and fumes can easily cause your data to be damaged. Solutions start with climate-conditioned computer closets or rooms, with computer-safe fire suppression, along with environmental monitoring and alerting.
4. Physical theft: Hardware like notebooks, tablets and external hard drives can all too easily be whisked into a miscreant’s briefcase or bag. Remind employees to store and lock valuable assets in secure places.
5. Digital theft: As you may know, data can be quickly and easily stolen digitally by malicious hackers, either via flash drive, pocket hard drive, file-transfer or even email. Ensure you’re using IT management tools to restrict USB port activity or implements a DLP (Data Leakage Prevention) system.
6. Multi-function printers (MFPs): MFPs while present, many “attack surfaces.” For starters, remind employees to check that they haven’t left originals or copies behind. For shared devices, implement keyfob or other security access – and don’t let fax or print jobs pile up. Finally, make sure MFP hard drives are secured against unauthorized network or physical access.
7. Paper document hygiene: To say the least, sensitive documents shouldn’t be left on desks or even in unlocked shelves or file cabinets, where there’s potential for it to be phone-snapped, run through an untended copier or, simply, taken.
8. Computer displays and accounts: Today’s camera-equipped smartphones make copying a screen-full of data all too quick and easy. Make sure employees don’t walk away from monitors that are displaying sensitive data, or that allow a bystander to keystroke and click to sensitive data.
9. On-site and off-site encryption: If you’re doing backups to external/removable hard drives, tapes, etc., make sure they are securely locked up and encrypted. This applies both to backups being kept and taken on- and off-site.
In general, the question of data security is often seen as an issue directly related to the mainstream, highly-publicized security threats relative to the advent of modern technology. This is true to an extent – the evolution of the internet has certainly lowered the barrier for data theft and made it much easier to conduct from across the world – but there are plenty of ways company data can be breached or otherwise compromised that have nothing to do with hacking.
Drive a security culture in your organization
- 1. "The Future Of Data Security And Privacy: Growth And Competitive Differentiation." Forrester Research. July 7, 2016. https://www.forrester.com/report/The+Future+Of+Data+Security+And+Privacy+Growth+And+Competitive+Differentiation/-/E-RES61244