The real threat of the theft of electronic and hard copy data
There are always opportunists who will act quickly to exploit a major event for their own gain while threatening the safety of others. The COVID-19 pandemic is no different, with nefarious criminals or insiders aiming to take advantage of the confusion, distraction and large-scale shift to remote work resulting from the pandemic. Now more than ever when most of the workforce is working remotely it is time to review protocols related to electronic data and how it is stored and transported. According to The Economist, data is the new oil and is now the most valuable resource
IBM reports the average cost of a data breach in the US reached $4.35 million in 2022 – an all-time-high – and 83% of organizations have experienced more than one breach. See the entire report: Cost of a Data Breach Report
Now is the time to review how the following could happen in your organization:
- Electronic theft – this can be intentional or an inadvertent employee error.
- Physical theft of electronic data – by employees or an outsider.
- Physical theft of hard copy files – by employees or an outsider.
- Lost, stolen or hijacked device – leaving key devices in cars, or unattended.
Three risks associated with removable media devices
Portable hard drives, USB flash drives, memory cards and other types of removable media are vital for the quick storage and transportation of data. For many businesses, removable media can be used as backup storage for critical digital files or even free up additional storage space for work computers.
While removable media is easy to use and has many business applications, it isn’t without its share of risks. The following are some considerations to keep in mind when using removable media at your organization:
- Data security—Because removable media devices are typically small and easy to transport, they can easily be lost or stolen. In fact, every time you allow an employee to use a USB flash drive or other small storage device, your organization’s critical or sensitive information could fall into the wrong hands. What’s more, even if you encrypt your removable storage devices, you will not be able to recover lost files once the USB flash drive or other device is lost.
- Malware—Simply put, when employees use removable media devices, they can unknowingly spread malware between devices. This is because malicious software can easily be installed on USB flash drives and other storage devices. In addition, it just takes one infected device to infiltrate your organization’s entire network.
- Media failure—Despite its low cost and convenience, removable media is inherently risky. This is because many devices have short lifespans and can fail without warning. As such, if a device fails and your organization doesn’t have the files backed up, you could lose important files and data.
Thankfully, there are ways to mitigate risks associated with removable media. To use these devices effectively while maintaining data security, consider doing the following:
- Develop a policy for removable media use and hardcopy files. Including how they can be transported and stored.
- Install antivirus software that scans removable media devices.
- Ensure all removable media devices are encrypted. Passwords to these devices should never be shared.
- Instruct employees to never use unapproved removable media in a computer.
- Have employees keep personal and business data separate.
- Establish a process for wiping all portable media devices when they are no longer needed.
- Enable a “block watch” mentality at your place of business. If you have a busy office, it is highly likely that a seasoned criminal can waltz into your organization and start cleaning out your office. It happens more than you think. These people could look like sales reps, elevator repair technicians, coffee delivery staff or couriers. If you feel someone doesn’t belong don’t be afraid to ask how you can help or seek to verify credentials.
Review these common cyber security terms
Part of practising effective cyber security at your organization includes understanding and correctly using industry terms. Stay in the know with these common cyber security terms:
BYOD (Bring Your Own Device): Refers to employees bringing their own mobile devices such as cell phones or tablets to work and using them for work purposes.
IoT (Internet of Things): Refers to the web of devices connected to the internet—including computers and mobile devices, as well as non-traditional devices like office heating and air conditioning, doorbells, smart lights and smart speakers.
DDoS (Distributed Denial of Service): A type of cyber attack that attempts to overload the entire network until it collapses.
Blockchain: A type of database commonly associated with bitcoin that uses a chain of data chunks designed to prohibit the alteration of any data without affecting the rest of the chain.
Deep Learning: A new type of artificial intelligence that uses algorithms to create neural networks inspired by the human brain.
Phishing: A common type of cyber attack soliciting private information in an attempt to fool a user into divulging confidential personal and financial information.
VPN (Virtual Private Network): A tool used to route your device’s internet connection through a private server rather than your internet service provider (ISP), thus masking your location and encrypting traffic.
For a thorough risk assessment of your organizations cyber security protocols, contact your Reliance Insurance Advisor today. We can help you implement the right tools and get the best coverage for your type of business.
Forbes: Data Is The New Oil — And That’s A Good Thing