Need Reliable IT Services? Call Us Now! (443) 589--1150 | Toll Free: (800) 431--2282

3 Data Security Best Practices

Security breaches are disruptive to my business. According to the Ponemon Institute’s Cost of Data Breach Study, the average cost of a security breach in 2015 was $4 million — up from $3.8 million in 2014 — so every business needs to take data security seriously.

Data Security

While there are many steps you can take, we talk with our clients and prospects about these three best practices.

End-to-End Encryption

Data is most vulnerable to attack when it’s being moved.

We recommend implementing SSL/TLS protocols. They protect client data as it moves across multiple locations — for instance, to cloud-based archives or off-site servers.

Secure Sockets Layer (SSL) provides a secure connection between two endpoints across three factors:

  • Encryption (provides privacy)
  • Authentication (through certificates)
  • Predictability (via message integrity checking)

Transport Layer Security (TLS), an update to SSL, standardizes private digital communications. TLS works on two levels:

  • Record protocol (manages a stable client-server connection)
  • Handshake protocol (allows for authenticated client-server communication)

Controlled Access

You must protect your business’ data by controlling access to it. Cloud hosting service providers offer system administrators tools to ensure that employees have access to the business intelligence data they need to do their job, and nothing more.

Controlled access leads into some common sense follow-ups.

  • First, we encourage clients to limit the number of administrators in their system. That level of access is unnecessary for most employees to perform their duties.
  • Second, many clients have overly permissive firewall rules that have no business justification, which create easily correctable vulnerabilities.
  • Finally, we recommend our clients segment their network, thereby limiting attackers’ ability to move laterally through the system. Segmenting your network makes it harder for infiltrators to access sensitive data but requires an in-depth understanding of where your critical data is stored.

Company Culture

Many businesses greatest security flaw has been around company culture. Employees were often unaware they were exposing customers to security risks. They took actions because they were faster, or easier, or because they knew nobody outside of IT would notice.

When we see employee inattention as a security flaw, we coach our clients to develop a strong company culture around data security. By making it about protecting the business by protecting the client, we have achieved strong buy-in.

A strong data security culture means we educate our clients around the data life cycle:

  • What is the data? (payment info, personal identifying info, etc.)
  • How is the data created? (form submissions, tracking, etc.)
  • How is the data maintained and shared while in use by my business? (to segment my network)
  • How is the data stored and archived? (for appropriate at-rest data security measures)

These help us explain to employees, clients, and prospects how they can best protect the business intelligence data that needs to be protected when and where it needs to be protected.

Tier One Technology Partners is the trusted partner when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (443) 589--1150 or send us an email at info@tieroneit.com for more information.

Alexssa

We have seen a dramatic improvement in efficiencies and productivity (after Tier One upgraded our network). As we move forward I am sure it will be comforting for us knowing we are more protected and more efficient. We cannot say enough about Jason! He has been very helpful though this transition and Tier One will be a good move for us and look forward to the future.

  Hunt Valley Tile and Stone   

Connect With Tier One Technology Partners

  • 11311 McCormick Road, Suite 100 Hunt Valley, MD 21031
  • 70 Thomas Johnson Drive, Suite 100 Frederick, MD 21702
  • Phone: (443) 589--1150 Toll Free: (800) 431--2282 Fax: (443) 589--1165
  • Emergency Support: (443) 589--1150
Tech Council
HTG
CPAmerica Member
Information Technology Alliance
Carroll County Technology Council Member
Howard Technology Council Advisory Board Members