Data Security Best Practices For Business Leaders

By Mark St. Peter

While most people know a significant amount of data is stored electronically, few realize the true size of this digital archive. Remarkably, over 97 percent of all information today is created, stored and transmitted electronically – and the amount is continuing to increase exponentially with every passing day.

Today’s digital landscape is not just vast, it is also vulnerable. According to a 2015 EMC study about the year 2013, while two-thirds of the digital universe was created or captured by consumers and workers – such as workers capturing customer payment information – enterprises have liability or responsibility for 85 percent of that data if security is breached or compromised.

According to experts like FBI Director James Comey, the risk for businesses to fall prey to cyber hacking is growing every day. Comey famously observed, “There are two kinds of big companies in the United States: there are those who’ve been hacked … and those who don’t know they’ve been hacked.”

Thus it is crucial that business owners learn how to protect themselves, their data and, ultimately, their businesses against data breaches. Business leaders should know how to evaluate their potential vulnerabilities and, in that vein, address specific weaknesses. This requires a working knowledge of basic cybersecurity best practices, from creating a strong password to building a culture of IT security within their businesses, as well as educating employees on how to properly protect key information and follow safe computing practices.

Evaluate & Assess – The Basic Five W’s
The first step to bolster your digital security is to gain a full understanding of all of the different types of data you are collecting, accessing, sending and storing – WHAT are you storing? Next, look closely at WHERE you are storing this information. Is it stored on an in-house server or a remote server? Do your machines access data through the cloud or on internal hard drives? WHO has access and to how much data? Review how long you are holding onto this data. The general rule is not to keep data longer than you need it, particularly personal information like Social Security and payment details. WHEN to return, delete or shred sensitive data depends on what works best for your business. The WHY, although seemingly obvious, and the how are the subject of much of what follows below.

Master Security Basics
Fortunately, the first and most basic steps to protecting your data are also among the easiest. Once you have evaluated the kinds of data you are storing and for which you are responsible, the next step is to change the passwords that serve as the gateways to this data to something unique. Avoid letting passwords grow stale. It sounds remarkably simple, but it makes such a difference. Avoid pet names or other easy-to-decipher words, and incorporate numbers or symbols into your password where possible. Utilizing even just a couple of numbers or symbols in your password combination makes it exponentially more difficult for potential hackers to decode – computers in particular find this password structure very complicated. For convenience and easier memorization, consider substituting similar characters for letters in words or phrases you are most likely to remember. A phrase that is meaningful to you, with non-alpha characters mixed in, adds both complexity and length, both of which make password hacking algorithms far less successful.

Practice Safe Computing

Incorporate safe digital practices into your daily work routine. For example, do not write your password on a Post-it note and stick it somewhere around your computer! You would be surprised how many people do this. Additionally, be wary of unfamiliar or strange-looking emails – sending emails with misleading, false or trick links is one of the most frequent ways for hackers to gain access to your system, or to implant a virus in your system. Most of us can easily spot and delete a spam email, but some can be quite sneaky with their approach, including sending an email from what looks to be your co-worker or friend that has a suspect link in it. Similarly, be careful what websites you’re accessing and watch where you click. And never, ever, perform financial transactions via email. Banks are among the most sophisticated at protecting access and rarely, if ever, conduct monetary transactions through email. If you must transmit a credit card number via email, break the number and/or expiration date and other details into separately transmitted emails.

Educate & Engage
To optimize cybersecurity going forward, business leaders should educate employees about security risks, and work to create a culture of IT security awareness. Formulate a comprehensive IT security plan, incorporate it into your employee handbook and ensure you are continually communicating with your employees about emerging IT security risks. Finally, consider working with an IT professional who can help you perform a full security analysis, and put systems in place that will not only enhance your security, but help your systems run more efficiently.

With today’s environment of heightened risk and greater liability, business owners and decision-makers should take the time to think seriously about their IT security. Digital security is not a luxury; it is a critical necessity, one that can deeply impact the overall success and well-being of your business.

Mark St. Peter is CEO and managing director of Computing Source. Based in Madison Heights, Michigan, Computing Source operates throughout the Great Lakes region as an all-in-one digital evidence and legal support firm that provides law firms, corporate counsel, judges and other legal professionals one number to call for all of their legal support needs throughout the lifecycle of their cases. St. Peter is a certified computer examiner, a certified fraud examiner and an associate member of the American Bar Association. In addition to his work with Computing Source, St. Peter regularly serves as a third-party expert witness. For more information, email, call (312) 554-1500 or visit