A Game Plan for Protecting Stored Data

An effective data security policy is more critical now than ever, as data is increasingly stored on a variety of devices. But even though IT decision-makers put stringent security strategies in place to patch operating systems, secure the perimeters of the network and protect data, breaches are everyday news. When companies lose laptops, backup tapes and other devices containing private information, the potential harm in negative press and financial losses can be staggering.

To prevent theft of sensitive assets, it’s critical to follow security best practices and adhere to a set data security policy. Here’s what to consider when creating one for your company.

Use the Right Technologies
As the Yankee Group has observed, storage networks are becoming more complex and have matured to the point of requiring additional perimeter and internal security services to ensure data integrity. In addition to encryption, IT decision-makers should consider implementing the following:

  • Access controls. Corporations must institute data security policies regarding who can access databases. Monitoring software is also key -- it helps track who has accessed data.
  • Filtering software. Tools from various vendors help you watch the way content is accessed -- via email, instant message and file transfer protocol (FTP), for example -- and inspect the content for policy violations. Some tools block or quarantine violations, and others offer the ability to block outbound email.

Put a Strategy in Place
To protect corporate data, your strategy should focus on physical access controls, data network transport protection, host defenses, and system and application authorization, says Rich Mogull, director of research for the Gartner Group.

In addition, you should perform regular audits of your security practices. You should also establish a specific policy for protecting data, data management, backup and audit frequency. It is also important to consider internal access to corporate data: Gartner estimates that 70 percent of security incidents that cause loss involve insiders.

Determine How the Data Should Be Protected 
Extremely sensitive data, such as confidential customer information and credit card numbers, should be encrypted before being designated for storage. Not all data must be encrypted, however, according to Mogull. “Use encryption to protect only data that moves physically or electronically, or to enforce segregation of duties for administrators -- for example, encrypting credit card numbers in a database to prevent database administrators from seeing them,” he says.

Ensure Compliance
Companies in certain industries, such as health care, must ensure that their data backup, storage and recovery policies comply with government regulations. The Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) require more stringent corporate governance and controls. The Sarbanes-Oxley Act requires corporations to be financially accountable; it doesn't specify how long specific data should be stored or how, but because it does require integrity of data, it motivates IT executives to determine their own policies and be more vigilant about backing up and storing corporate information.

5 Tax Security Strategies for Small Business

When tax time rolls around, it isn’t just CPAs who spring into action. It’s a big time for hackers as well, who bank on sensitive information getting transmitted over the Internet via online filings. And if the hackers are working overtime, you know what that means: more work for IT too.

Like everyone else, your company has two options: File taxes yourself or go through a third party. Each choice comes with its own risks, which you can minimize with some foresight and common sense.

Tax Security Tip No. 1: Secure your connection.
If your boss is the do-it-yourself sort, you as the IT brain face the same headaches as the average Joe taxpayer. Is the PC you’re using secure? Are you sending the information over a wireless network? If so, are you using a WPA2 connection or a less secure one?

Jeff Lanza, president of The Lanza Group and an expert on computer security matters, recommends using a wired connection if possible and making sure the PC your company uses to file those taxes has updated security software. “You’re giving up Social Security numbers, birth dates and all sorts of information that can lead to identity theft,” says Lanza.

Tax Security Tip No. 2: Check out the CPA.
Outsourcing your company’s taxes to a third party may seem like a safer option, but Lanza suggests that you play detective first. “If you’re using a CPA, you want to ask how they protect the information and what they do to keep your info secure,” says Lanza. Don’t just leave it to management to select a tax preparer. Explain that you need to ask critical IT security questions.

What kinds of questions? Ask what type of software the tax preparer is using and whether he or she has installed the latest security patches. Examine the firm’s security and privacy policies and find out if the preparer uses SSL encryption. Lanza says emailing data can also be risky, so either go with a secure email service or hand-deliver the information.

Beyond that, Robert Siciliano, a security analyst and consultant, suggests doing a simple background check. “Whenever you’re doing business with anyone, you should know who you’re doing business with,” says Siciliano. “It wouldn’t be a bad idea just to do a quick Google search on them.”

Tax Security Tip No. 3: Go directly to IRS.gov.
No matter who’s filing, the ultimate destination is IRS.gov. Subsequent links from that page should be in the secure “https” format. Caution tax filers about clicking on pages that aren’t secure.

Tax Security Tip No. 4: Warn your unsuspecting end users.
Now is a good time to educate your end users about phishing scams. Tell them about common scams around tax time, like hackers posing as representatives from TurboTax or H&R Block in an effort to get consumers and businesses to give up sensitive information. Another common scam is a warning email purportedly from the IRS. Remind end users that the government will never solicit their sensitive information via email.

By preparing end users, you’re not just protecting their info. If end users click on a malicious link using a company computer, you’ll have the hassle of dealing with the threat to your company’s data.

Tax Security Tip No. 5: Store tax records securely.
After the taxes are completed, the best way to protect your company’s sensitive tax-related information is to take it off the hard drive and put it on an external drive instead. And finally, a few months down the road, take the final, most crucial precaution to make sure you’ve safeguarded data: “Check your credit report,” says Lanza. “You should be doing that on a regular basis anyway.”
