How to keep your company’s sensitive data secure


With changing work styles, there are many new threats to data security. Be it employee information, customer payment info or business strategies, every organisation is worried about the security of its sensitive data. Network security may sound like a simple concept to grasp, but there have been several incidents of data breach these days. It has become a challenging task, especially for small and medium-sized businesses, which have to compromise on network security measures because of tight cash flow.

In order to protect sensitive information against malicious agents, it’s essential to take these important steps.

1. Educate employees on best network security practices

With the BYOD (Bring Your Own Device) trend gaining momentum, employees are free to work from their laptops, smartphones and mobile devices within the office premises. But the lack of encryption on their devices or an outdated operating system may lead to data leakage. Malware can also find its way into the corporate network via unprotected mobile devices. So, employees need to be educated on expected network security practices right at the time of onboarding. They should be taught about phishing emails in advance, and they also need to be vigilant about how they use public file-sharing applications like Dropbox, OwnCloud and JungleDisk.

2. Create a BYOD policy

68 per cent of employees access their files from smartphones – Citrix Mobility Survey

The BYOD trend helps companies improve productivity in a cost-effective manner. But it also opens the door to unauthorised access to sensitive data. So, it’s good practice to have a strict BYOD policy in place. This way, sensitive information can be kept securely on employees’ personal devices. Certain security regulations must be adhered to when using a personal device within the office premises. Security measures like software installation and configuration must be adopted, and support for software updates, maintenance and troubleshooting should be provided.

3. Create a robust policy for handling sensitive data

An organisation needs to accurately distinguish between its sensitive and non-sensitive data in order to outline a strict process for handling important information. Corporate data can be classified as public, private or restricted, and security measures can be enacted accordingly. While public data requires minimal security, private data needs to be handled cautiously. In the case of restricted data, employees should be given access on a need-to-know basis only.

4. Encrypt your data for protection

Securing data within the corporate network is now important for all organisations, be they SMBs or big enterprises. While they are adopting various security measures to prevent unauthorised access to their data at rest, equal security measures are required to protect data in motion. As sensitive data in motion is accessed by all types of people and applications, it needs to be encrypted for secure data networking.

5. Focus on password security

While adopting different network security devices, organisations often end up overlooking basic information security mistakes. In most cases, employees use weak passwords to protect data on their systems, and end up making it vulnerable to malicious attacks. So, it is important to improve password security practices by providing enhanced security training to employees. Companies can also benefit from the rollout of a password management application. Some of the trusted password managers are Zoho Vault, Dashlane 4 and Sticky Password Premium.

6. Stay aware to prevent data breaches

Employees need to take certain precautionary steps, like not leaving their laptops and devices unattended in public places. If a device goes missing, the theft needs to be reported immediately. They also need to take a proactive approach to ensure that the data on their devices is encrypted. By following these measures, vigilant employees can make a significant contribution to reducing the risk of data breaches.

7. Introduce identity and access management (IAM)

By introducing Identity and Access Management (IAM), companies can ensure that all their data is accessed securely. IAM along with Single Sign-On (SSO) technology can help organisations with correct identity mapping. A robust authentication flow can be maintained with real-time and continuous risk analysis. IAM can also help in analysing who is accessing which data. Accordingly, a list of access rights can be created, and access to restricted data can be limited.

8. Apply fine-grained access controls

With fine-grained access controls, access to sensitive data can be managed through a central point. This way, it can be accurately defined who has the right to access which information. It works by adopting the principle of minimum (least) privilege and allowing employees to access only the information they need. Also, organisations can have better control over the information that employees can access when they are inside the office network and when they are outside it.
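The classification tiers from step 3 and the central, least-privilege decision point described here can be sketched in a few lines. This is an added example, not code from the article; the office address range, the need-to-know grants, the user names and the rule that restricted data is served only on the office network are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from ipaddress import ip_address, ip_network

class Label(IntEnum):            # the three tiers named in step 3
    PUBLIC = 0
    PRIVATE = 1
    RESTRICTED = 2

# Constructed sample policy data (assumptions, not from the article).
OFFICE_NETS = [ip_network("10.20.0.0/16")]
NEED_TO_KNOW = {"payroll.xlsx": {"asha"}}   # resource -> users granted access
AUDIT_LOG = []                               # who asked for what, and the outcome

@dataclass(frozen=True)
class Request:
    user: str
    is_employee: bool
    source_ip: str
    resource: str
    label: Label

def on_office_network(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in OFFICE_NETS)

def evaluate(req: Request):
    if req.label is Label.PUBLIC:
        return True, "public data"
    if not req.is_employee:
        return False, "non-public data requires an employee identity"
    if req.label is Label.PRIVATE:
        return True, "private data, known employee"
    # RESTRICTED: explicit need-to-know grant, and (assumed rule) office network only.
    if req.user not in NEED_TO_KNOW.get(req.resource, set()):
        return False, "no need-to-know grant"
    if not on_office_network(req.source_ip):
        return False, "restricted data is not served outside the office network"
    return True, "restricted data, granted user on office network"

def decide(req: Request):
    """Single decision point: returns (allowed, reason) and records the request."""
    allowed, reason = evaluate(req)
    AUDIT_LOG.append((req.user, req.resource, req.label.name, allowed, reason))
    return allowed, reason
```

Every request passes through `decide`, so the audit log doubles as the record of who is accessing which data that step 7 calls for.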

9. Create a strategy to survive a data breach

With hackers developing new ways to intrude into an organisation’s network, fool-proof protection against data breaches is far-fetched. Even with widespread awareness and all-inclusive security measures, it’s hard to create an infallible network security structure. If an organisation’s sensitive information has been compromised, it needs to adopt a planned approach. Once the data lost in the security breach has been identified, the next step should be to change all affected passwords and contact credit-reporting bureaus and associated financial institutions.

The final thought

An organisation-wide security practice needs to be adopted to prevent unauthorised access to high-value data. In several cases, hackers have targeted high-profile members like directors of a company because they are likely to have access to all sensitive information. Companies end up compromising the security of their data by offering greater autonomy to high-profile employees. The best practice is to devise equal security measures for every member of an organisation, without fail. To prevent incidents of malware and ransomware attacks, it’s important that every employee is aware of security practices and abides by them unfailingly. A culture of security awareness can make a significant difference in detecting and preventing potential security threats.

Kalpana Arya, content expert with TechPillar