Is Your Enterprise Making Sensitive Information Unintentionally Vulnerable?

March 14, 2018 Trent Pham

Most employers take great care in protecting any and all employee personal information they store, such as social security numbers and credit cards used for travel. When that care doesn’t extend to making sure employees, themselves are taking effective measures for protection, the result is multiple points of potential compromise that can severely damage an enterprise’s brand.

How is your own organization doing? Consider the following three best practices to ensure that data is more completely secured throughout your enterprise.

  1. Advise employees to use a unique password for each vendor site they access. It’s unfortunately common for people to use one password for most, if not all, of the sites they routinely visit. Many who follow this practice assume that as long as they re-use a strong password not easily guessed, they’re covered. Yet if all vendor sites have the same password for an employee, and any one of those sites gets compromised, the time it takes to compromise all sites involved is greatly reduced – making it much more difficult to prevent further damage from the intruder.
  2. Maintain an ongoing anti-phishing campaign. Cyber thieves who orchestrate phishing campaigns are gaining in sophistication, and many of the emails they send are not immediately identifiable as coming from someone other than the purported sender. That’s especially true when the email is personalized and addressed to the recipient’s business email address – and knowing the format of a single employee’s email address makes it very easy to personalize phishing emails for others. Encourage employees to report any suspicious emails they receive rather than open them or respond, so that you can block emails from that source and alert other employees that they may be targeted.
  3. Extend security policies to physical measures for documentation. Dumpster-diving is alive and well, and often turns up the documentation employees print for internal use that includes personal identifiable information or confidential information that could be used against the company, such as meeting notes. Make sure employees have easy access to paper shredders, and that they understand the need to use them for all documents containing information of any degree of sensitivity.

A solid managed network security solution can assist in many of these measures with automated, 24/7 threat protection, including intrusion protection, anti-virus protection, DDoS mitigation and immediate updates when new threats emerge. In many cases, these services will, for example, automatically scan emails with attachments and block documents that contain viruses and malware. Any enterprise that does not have such a solution, and those that haven’t upgraded recently, are encouraged to make sure they have a high level of managed security. Be sure to extend this to remote employees, who should be covered by protection on their personal internet access points.

It’s also important to remember that no managed security solution can button up an enterprise 100%. Complete security requires vigilance on the part of employees, who can form an important front-line defense against intruders who seek to gain access to information within the workplace. A program based on the three principles outlined above is a great place to start.

The post Is Your Enterprise Making Sensitive Information Unintentionally Vulnerable? appeared first on Windstream Enterprise.

 

About the Author

Trent Pham

Trent Pham is Head of Security Products for Windstream and is responsible for the organization's enterprise security service strategy, development, and life cycle management. He joined Windstream in 2016 and has 20 years of security product management experience with communication service providers, security service provider, and startups. Trent also taught information technology at the University of Denver's Information and Communications Technology Graduate Program. Trent received an MBA from the University of Denver's Daniels College of Business, a BS in Mechanical Engineering from the University of Colorado in Boulder, and holds a CISSP certification.

Follow on Linkedin More Content by Trent Pham
Previous Article
Three Easy Ways to Provide a Best in Class CX with Contact Center as a Service (CCaaS)
Three Easy Ways to Provide a Best in Class CX with Contact Center as a Service (CCaaS)

Customer experience (CX) is becoming more important to business success. Here are 3 simple steps to enhanci...

Next Article
Is there a better solution to your bandwidth deficit than purchasing more bandwidth?
Is there a better solution to your bandwidth deficit than purchasing more bandwidth?

Research shows that the demand for bandwidth inside a business doubles every 18 months. Can you afford to k...

×

Have questions? Chat with a Windstream network expert

First Name
Last Name
Company
Phone Number
Thank you!
Error - something went wrong!