Unfortunately, it is becoming commonplace to hear news of a large organization whose data was hacked. But data breaches should not only be of concern for large organizations – small organizations are susceptible as well, including government entities. You can put a few practices in place to keep your organization and employees safe from data breaches.
Practice good access controls
This means allowing access only to individuals who require access to certain programs, files or network applications. You should emphasize the importance of employees maintaining the privacy of any passwords. You should also establish standards for minimum password requirements so that employees cannot choose weak passwords.
Have a good filter for the email server
The email filter is the first defense against viruses or scams. You should continually remind employees to be vigilant for scams or suspicious emails. Educate employees to never open emails and attachments that are from an unknown source. An employee should never provide organization data to unknown companies outside the organization. Inform employees what information can be given over the phone, in an email or in person to those requesting information from within or outside the organization.
Place restrictions on the hardware and software installed
Employees should be informed that all hardware and software will be installed by a designated employee. Team members should not connect a personal device or drive to organization computers. Software should not be downloaded without permission. If employees are allowed to work from outside the office, a data connection should be provided. Files should not be uploaded to personal cloud storage in order for an employee to work outside the office. A virus could be spread unknowingly to your organization’s network and expose sensitive business data. Also, you should revoke an employee’s access to all programs and web applications when an employee resigns or is terminated.
Another risk to an organization’s data is mobile devices. Many employees access the organization’s servers through their offsite mobile devices. These portable devices could contain malware, which could pose a risk to your data. Educate employees about establishing passwords for all mobile devices that access the organization’s computers. Make sure mobile devices that are connected via Wi-Fi are connected to separate servers that do not contain your organization’s data.
You need to stay vigilant and continually educate employees about maintaining the integrity of the organization’s data. Organizations that are serious about cyber threats understand that educating employees on the importance of security and communicating the organization’s policies regarding data security is an ongoing practice. Implementing these common practices would go a long way in keeping the data at your government entity secure.
Marilyn Mays, CPA, CGMA