Monthly Archives: January 2024

Protect Passwords to Safeguard Personally Identifiable Information

Businesses large and small deal every day with personally identifiable information from customers, employees and additional stakeholders. How do they protect it? While passwords alone are not considered personally identifiable information, they help keep it safe. Read on to learn more about how to manage passwords and keep data safe.

The Role of Passwords in Safeguarding PII

Personally identifiable information (PII) is defined as data that can be linked with or traced to an individual. Such PII includes names, dates of birth, addresses, Social Security numbers and other specific information about a person. Some of it is non-sensitive, part of public records or easily found online. Sensitive PII can include biometrics (used as part of multi-factor authentication), employment and financial records, and bank account credentials. Every business owner handles a great deal of personally identifiable information in the course of doing business. How can they protect it?

Passwords authenticate a user’s access to websites (including company websites) that hold personally identifiable, often sensitive, data on employees, customers and more. Employees properly trained in password management can be helpful in safeguarding a company’s data. One key practice, along with developing strong passwords, is refraining from sharing these passwords with others.

Keeping Passwords Private Benefits Your Business

The reasons for keeping passwords secret may seem obvious: no one else can get into your accounts, change your data, or leave it in danger of falling into the wrong hands. If your workers keep their passwords secret, they prevent sensitive information from being leaked to those who can misuse it. Individual workers (and your business as a whole) avoid penalties associated with regulatory non-compliance. By keeping passwords confidential, they avoid being held responsible for misuse. What’s more, with a strong password, they can always access the resources they need to succeed in their work. Even companies with strong controls and policies need to train their workers in password maintenance, making the practices part of the organization’s culture.

While passwords may or may not fall under the category of personally identifiable information, they definitely serve to protect it. For help in developing your company’s password policy, contact your trusted technology advisor today.

From Cybersecurity to Cyber-Resilience

Cybersecurity is an ever-present issue, especially in these times of rapid innovation. With this innovation, companies need to remember the importance of protecting systems, devices, networks and data from cyberattack. But what if we all went a few steps beyond, thinking of what to do to deal with an incident while it’s occurring and after it happens? Read on to learn how to work toward making your organization cyber-resilient in the face of today’s threat landscape.

Cybersecurity and Cyber-Resilience

The two concepts sound similar, but the difference between cybersecurity and cyber-resilience is the focus. Cybersecurity refers to protecting systems, networks and data from cyberattack, whereas cyber-resilience is about an organization’s ability to withstand an attack while it happens and recover from it afterward. Both are important, and both contribute to business resiliency. An attack happens about every 39 seconds, according to some sources. Common types include malware attacks, ransomware, and Distributed Denial of Service (DDoS), and these attacks can steal data or access to it, or even stall your system. The effect on your business is potentially devastating; even a short power outage can result in costly downtime. How will your organization not just prevent these hazards, but deal with and recover from them, and stay running and resilient?

Benefits of Cyber-Resilience

The threat landscape continues to expand, with attacks becoming both more frequent and more sophisticated. Considering the rate of cyberattacks already occurring, the probability of one striking any one organization is high. Protecting yourself, as well as having a plan to respond to an attack when it happens, benefits your company in numerous ways. First, you can continue operating during the disaster and avoid lost revenue. Second, the ability to protect customers’ personally identifiable information increases their trust in your organization. Third, you avoid fines for failure to comply with data-protection regulations. Finally, your business can even achieve a competitive advantage in staying open when others have to close.

Elements of a Cyber-Resilience Strategy

According to a CompTIA article, a strategy will prepare you to respond to attacks and mitigate their damage. A cyber-resilience strategy starts with assessment and prevention: a deep knowledge of your technological assets and of any gaps that attackers can exploit. Actively implementing preventive measures can help you look out for threats before they become problems. Plans for response and recovery position your company to respond quickly and mitigate damage. Adaptation and flexibility involve knowing that each attack is different and being able to respond in the moment. Finally, education and ongoing training can acquaint workers with possible threats and how to respond. Practice through attack simulations is very helpful as part of training.

Cybersecurity, of course, is still important. Cyber-resilience goes beyond that, to recovering from an attack and keeping the business running. For help with your strategy, contact your trusted technology advisor today.