Warning and Tips from Sophos: Stakes for protecting sensitive data in your organization

This post published on July 19, 2010 by Sophos security consultant Carole Theriault , aims to provide some tips for companies who want to better protect their data.

Ten top tips for protecting sensitive data in your organization from theft or loss

1. Encrypt all confidential info. Keeping sensitive information inaccessible from prying eyes.
2. Use hard-to-guess passwords. Enforcing good password usage is key to stopping hackers crack into your systems.
3. Keep security software up to date. New malware is being released all the time and spreads at alarming rates. Updating your software automatically is key to defending against the latest threats and vulnerabilities.
4. Danger USB! Unauthorised use of USB storage devices could lead to data being lost from your company. Control usage with security software.
5. Knowledge is power. Find out what your local legislative requirements and review your security strategy to ensure you are compliant. They will be able to advise on what type of technologies, processes, and policies are required by law.
6. Prepare for disaster. Create a plan of action to follow if a severe data breach takes place. Swift reaction can make a huge difference to legal ramifications and corporate reputation.
7. Education is key. Find an engaging way to explain to staff the value of data and talk through the technologies, policies and best practice. Have employees be part of the army safeguarding sensitive data rather than keeping them in the dark.
8. Encourage - rather than punish - employees who report potential data loss or breaches. The information can help you mitigate against costly risks.
9. Don't lock it all down. Employees today need a lot of online freedom to be efficient and effective. Locking everything down will only encourage employees to find nefarious workarounds. Talk to them, find out what they want, and figure out a way to give it them in the safest way possible.
10. Back seat bungles. It's all too easy to leave a laptop or smartphone, containing sensitive information in a taxi or a public place. Data should always be encrypted, but also use a remote wipe facility if devices are lost.