“Data is the new oil,” said Richard Titus, CEO of AND in 2010. He wasn’t wrong--in an increasingly digital world, data is the most significant resource that we have. Companies absorb, analyze, and feed off of personal data; brokerages rely on data to connect and develop relationships with clients.
Therefore, for a brokerage, keeping both client Leads and company data secure should be top of mind in today’s information-driven economy.
Hackers and other malicious actors have caught onto this fact as well--it seems that a fresh cyber attack on a major organization is in the headlines every few weeks. In the face of these kinds of risks, we’re left to wonder: have brokers considered specific security practices that can limit the impact of such incidents, or prevent them altogether?
1: Identify Sensitive Data
For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.
Although sensitive data is only probably around 5-10% of your total business data, today a compromise of sensitive or personal data could result not only in an immense loss of reputation and revenue to a company, but also heavy penalties according to GDPR.
To build an effective data security system you should be splitting private and business data and putting more strict measures on sensitive data over other business data.
2: Encrypt, Encrypt, Encrypt
Stolen customer data can be a nightmare for a business, not to mention for the individuals whose data has been taken. And while it may not always be possible to stop sophisticated hackers from getting into your system, it is possible to stop them from getting access to key data by encrypting it properly.
Encryption is useful for everything from protecting information that has been stored on the Cloud to keeping internal emails private and confidential.
3: Don’t Forget HR!
Many companies put a great deal of work into protecting sensitive customer information with a secure computer network and a custom-made database but then forget that they also store a great deal of internal and HR-related data. Keeping your staff data in a system that is not secure makes it an easy target for hackers.
4: Fire Up the Firewall
Like antiviruses are for your files, firewalls are for protection. You must establish a strong firewall in order to protect your network from unauthorized access or usage. The firewall protects your network by controlling internet traffic that comes into and goes out of your business. A firewall works pretty much the same way across the board. Make sure you select a very strong firewall to ensure network safety.
5: Don’t Get Caught in the Rain--Use an Encrypted Cloud Service
While cloud storage makes for an ideal backup solution, it can also be more prone to hackers if you're not careful about the cloud services you choose. Encrypt the data you store in the cloud or use a provider that encrypts your data for you.
There are some services that provide local encryption of your files in addition to storage and backup. It means that the service takes care of both encrypting your data on your own computer and storing it safely on the cloud. Therefore, there is a bigger chance that this time no one - including service providers or server administrators - will have access to your sensitive data (the so called "zero-knowledge" privacy).
Some services even allow you to choose exactly which employee has access to which data. For example, LPS provides a service that allows employees to contact clients without ever having access to their contact information. This alleviates the risk of internal data theft.
6: Get Rid of Old Data You No Longer Need
Keeping computer and mobile devices clean is a good practice to ensure usability, but it's also wise to eliminate old data you no longer need. Why give potential criminals more info than absolutely necessary?
Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smartphones, laptops, flash drives, external hard disks).
This is particularly important given the severity of the consequences related to leaked data under the GDPR.
7: Track Your Data
Another practice that you must follow in order to secure your sensitive data is to monitor it well and diligently. You must always keep track of your data, know which data is stored where and use good monitoring tools that can help prevent data leakage.
Becoming a successful business is a difficult task, but sustaining yourself is much more challenging. In today’s world of immense cybersecurity risks it is really important for you to be pre-equipped with the security tools and privacy enhancements that are needed to safeguard your most valuable asset - your data.