Profile - How We Protect Data

Employee Training Is Critical

Sandy GonzalezWith all the challenges of running a business, it can be easy to overlook the increasing importance of data security. A recent Symantec survey, in fact, shows a striking 83% of small businesses lack a specific plan to combat attacks launched through viruses or by hackers.

"A data breach or hacking incident can really harm small businesses and unfortunately lead to a lack of trust from consumers, partners and suppliers," says Michael Kaiser, executive director of the National Cyber Security Alliance.

Don't think you're at risk? Think again. Roughly 40% of all recorded cyber attacks in the first three months of 2012 were targeted at companies with 500 or fewer employees, according to Symantec. But it's not just opportunistic hackers that are the problem. About 87% of survey respondents admit they don't have a formal Internet usage policy for employees, making their companies more susceptible to viruses.

"The biggest risk is from careless users browsing the Web or opening risky e-mails and clicking on an attachment or link," says Sandy Gonzalez, senior partner at California-based distributor MadeToOrder (asi/259540).

Gonzalez – who spearheads MadeToOrder's technology efforts – believes a combination of adequate employee training and evolving data security policies is crucial to preventing cyber attacks. Read on for more of her data protection advice.

Q: How does MadeToOrder protect sensitive customer information?
A: We have an Information Sensitivity Policy that provides guidelines on what is for public disclosure and what is confidential. We also have an Acceptable Use Policy and CD-DVD-USB Use Policy in place to address acceptable use of our network resources and computers.

Q: Are employees trained on password protection and encryption?
A: Yes, and we have rules in place. Our systems automatically encrypt passwords.

Q: What steps do you take to keep anti-virus software and patches updated?
A: We have a central server that downloads and pushes updates out to all users. These are pushed out automatically. We also use a known anti-virus provider and follow all of their recommendations.

Q: Are there social media policies in place for staff? Websites your employees are blocked from using?
A: We have a firewall that monitors Internet usage and blocks known malware sites. We block all streaming radio and music sites. We don't allow connections to music download sites.

Q: How safe is it really to put data on the cloud? Does MadeToOrder do this?
A: We currently host an FTP site in the cloud and use a cloud service to sync non-sensitive documents and files. Every company needs to consider the cost-benefit aspects of cloud-based versus on-premise hosted data and select what operationally meets their requirements.

Q: How much should industry companies really be concerned about hackers?
A: It's important to have best practice firewalls and security in place. I don't think the concern should be so much on hackers.

Q: Do you have a basic plan to recover lost data in the event of a cyber attack?
A: Yes, we have a disaster recovery plan in place, which is reviewed every eight to 12 months.

Q: What's your best advice for small businesses trying to protect their data?
A: Focus on user training. The biggest risk for companies in our industry is the sales force. Most salespeople work remotely outside the firewall. If a remote employee is hacked while outside your firewall, your network is open to attack as soon as they log on. It's important to train your users.