Data Security- It's Not Just an IT Problem
10/26/2015 - By Zachary Farrington
-This excerpt is from our Fall 2015 Dimensions Newsletter-
Your IT systems house a wealth of sensitive information. In addition to your own proprietary financial records, business plans and competitive strategies, you also maintain confidential employee financial and health information, as well as your customers’ project plans and specifications.
When it comes to protecting this data, there’s much we can learn from the recent high-profile attacks on retailers, healthcare providers and government agencies. Those attacks show that even the most sophisticated IT systems are vulnerable — there is no such thing as perfect security. So you must be prepared to deal with the aftermath if your security systems are compromised.
This means developing a detailed incident response plan, with designated responsibilities and a step-bystep plan of action for securing and recovering lost or stolen data. Every contractor should also maintain adequate off-site or cloud-based backup systems to help recover from a “ransomware” attack or other incidents that can make data inaccessible.
While it is natural to turn to technology to protect data, it’s also important to recognize that data security is not solely a technical problem. In fact, it is fundamentally a people problem.
Remote hackers are a threat, and your firm certainly should install upto-date security software. But there is a much greater likelihood that sensitive data will be compromised by the actions of an employee. It could be a disgruntled employee who leaves with proprietary information, or a well-intentioned employee who simply uploads data onto an unsecured device or cloud server so it can be accessed remotely.
In today’s interconnected work environment, it’s essential that all employees with access to data receive regular training on data security best practices. They should be especially alert to phishing schemes designed to trick them into revealing passwords or otherwise compromising system security.
Please call us if you have questions about securing financial data or other valuable information.
Related Posts
- Saltmarsh Hosts 18th Annual BankTalk
- Juice Jacking and How to Avoid It
- Managing Risk Part 2: Reducing Fraud with Access Controls
- Managing Risk: Fraud Deterrence Is Always a Priority
- Banking Artificial Intelligence
- BankTech Bytes: Banking Artificial Intelligence
- BankTech Bytes: Honest Abe's Lessons on Resiliency
- Watch Out for Those Hackers - It's Cybersecurity Awareness Month!
- Saltmarsh Hosts 17th Annual Community BankTalk Event
- Don't Become the Next Victim of a Social Engineering Attack
- Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
- BankTech Bytes: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
- White Paper: Manufacturing Outlook, Leveraging Technology Today
- Webinar Recording: Trends in D&O and Cyber
- Elevate your Third-Party Risk Management Program
- BankTech Bytes: Elevate your Third-Party Risk Management Program
- Cryptocurrency - It's Time to Acknowledge the Elephant in the Room
- The FFIEC's New AIO Handbook
- BankTech Bytes: The FFIEC's New AIO Handbook
- Why Your Company Needed to Invest in Cybersecurity Yesterday
- GovCon Updates of the Week Part 11
- WEBINAR MATERIALS: The Rise of Ransomware - The Evolution, Risk & Recovery
- GovCon Updates of the Week Part 9
- DOL Issues Cybersecurity Guidance for Retirement Plans
- The Evolution of Ransomware
- View All Articles
