One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 838584 |
| Date de publication | 2018-10-09 13:00:00 (vue: 2018-10-09 16:01:20) |
| Titre | 5 Steps to Maximize Your Financial Data Protection |
| Texte |
A series of high-profile data breaches in 2017 made it clear that it's becoming more difficult to protect your and your customer's sensitive information from nefarious agents. As businesses expand, they develop and implement security policies that help protect their sensitive information from outsiders. Still, business growth means more computers, more laptops and more mobile phones—and more network endpoints means more security vulnerabilities and more opportunities for a small oversight to turn into a major data breach.
Financial data breaches can spell disaster, especially for small businesses that have fewer resources to allocate toward proactive security measures and fraud prevention. To help out, we've outlined five steps that you can take to maximize your financial data protection in 2018.
Take Inventory of Your Sensitive Financial Data
The first step to effective financial data protection is to identify the data that is more important to protect. Your full assessment should answer the following questions:
What data do I need to secure?
What computers, servers, laptops, networks, or other devices is the information stored on?
What devices can be used to access the data?
What roles/titles will have permission to view the data?
The best way to start enhancing data security is by restricting access. Isolate or segregate the data onto the fewest number of devices possible, and make it accessible to the fewest number of people. Conduct thorough background checks and ask for references when hiring employees that will come into contact with financial data.
Implement Effective Password Controls
Passwords are an important security measure used to prevent unauthorized users from accessing company laptops, e-mail accounts and other resources that could contain sensitive financial information. Password controls are a set of imposed guidelines for how your staff should set up the passwords that they use to access your sensitive data. Typical password controls include:
Ensuring that passwords are long enough and that they contain a mixture of upper and lower-case letters, numbers and symbols. As passwords get longer, they become exponentially harder to hack by brute force. Hackers use all kinds of tricks to try and guess passwords—writing software that guesses dictionary words or combinations of words from the dictionary, or that guesses birth dates formatted in different ways. Passwords should be 10-12 characters long.
Ensuring that passwords are changed on a regular basis, at least every 90 days for passwords used to access sensitive financial data.
Ensuring that each individual user is assigned one username and password, and that login credentials are never shared.
Protect Your Network with a Firewall
Companies storing and transmitting financial data on an internal network should implement a firewall. A firewall is a hardware or software security device that monitors all incoming and outgoing network traffic and uses predefined security guidelines to determine whether it should be allowed or blocked. Firewalls establish a barrier between your trusted internal network and unauthorized external actors that might try to access or attack it.
You may want to hire a cyber security expert who can help customize your firewall to your unique circumstances and advise you on how to address other potential network security threats.
Look Out for Phishing Scams
Sometimes, fraudsters don't have to gain access to your systems using technological means to attack your company financiall |
| Envoyé | Oui |
| Condensat | 2017 2018 able about access accessed accessible accessing accounts actors acts address advise agents all allocate allowed also answer any anyone are ask assessment assigned attachments attack avoid background barrier basis become becoming best between birth blocked breach breaches brute business businesses can case chances changed channels—never characters checks circumstances clear clicking code combinations come companies company company's computer computers conduct contact contain controls copies could credentials current customer's customers customize cyber data dates days decrypt department determine develop device devices dictionary different difficult disaster doesn't don't drive each educated effective employees encode encrypted encrypting encryption endpoints enhancing enough ensuring especially establish even ever every exclusively expand expert exponentially external fake fewer fewest finally financial financially firewall firewalls first five following fool force formatted forwards fraud fraudsters from full further gain get gets growth guess guesses guidelines hack hacker hackers hands hard harder hardware harm have help high hire hiring how identify implement implementing important imposed inbox include: incoming individual information instructed insurance intended internal inventory investing investment isolate it's its key kinds laptops large least letters like likelihood link links list login long longer look lost lower made mail mails major make malicious maximize may meaningful means measure measures might mixture mobile monitors more most need nefarious network networks never newly number numbers one only onto open opening opportunities organizations other others out outgoing outlined outsiders oversight password passwords passwords—writing people permission phishing phones phones—and policies policy portal possible potential predefined prescribed prevent preventing prevention proactive procedures profile program properly protect protection purpose questions: reading received reduce reducing references regular remotely report resources restricting right risk roles/titles scams secret secure secured security segregate sensitive series servers set shared should significantly small software someone sometimes spell staff start steals step steps stolen stored storing stringent summary suspected suspicious symbols systems take taking technological them thief thorough those threats through toward traffic trained translation transmitting tricks trusted try turn typical unauthorized understanding unexpected unique unknown unsuspecting upper use used user username users uses using view vulnerabilities vulnerability want way ways ways—entering we've what when whether who will wipe without won't words worst your |
| Tags | Hack Vulnerability |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.