6 Cybersecurity Best Practices for Companies Looking to Protect Their Data

Organizations should ask themselves these questions to protect their data.

By ABC News
October 11, 2015, 12:08 AM
A hacker types on a laptop in this stock image.
Benjamin Howell/Getty Images


In my forthcoming book, Swiped, partially excerpted below, I examine some enterprise-level cybersecurity best practices. These are the questions organizations need to ask themselves if they want to protect the data they are sitting on. Some of the considerations:

1. Does the organization use a standards-based security architecture that is integrated into all technology processes?

In plain language, sending personal information as an attachment on an email is a “technology process.” The term covers both the way data is stored (is it encrypted?) and where it is stored (is it online or offline?), and so on.


2. Does the organization provide employee security awareness training?

Employees are often the hacker’s first point of attack (think spearphishing, easily guessed passwords, mindlessly misplaced smartphones and laptops, and improperly secured devices that access your secure systems). Comprehensive training is a must.


3. Security must be layered.

Like very tall, electrified fences and deadbolts on your doors, multiple layers of security can slow down cyberthieves as well as limit what they can access and pilfer in a single attack. Adopt a “minimum necessary access” policy: allow users (and their devices) only what they need to perform their required tasks, and update access rights in response to personnel or system changes. Never permit multiple employees (or department members) to share a password; assign each person their own, and never let them share it.


4. Your system must be segregated.

Segregate financial, security, customer and employee data storage systems from each other, as well as from the data used for routine operations management.

5. Bring Your Own Device?

If you allow it, set stringent protocols, including required security software and other precautions.

6. Have a smart file retention and destruction policy.

Limit your legal liability and breach exposure by developing appropriate retention requirements for both hard-copy and electronic files. Employ secure destruction practices for electronic data, for physical files (think shredding), and for any hardware that you are no longer required to keep or that has become obsolete.

In a world where Cyber War has replaced the Cold War and breaches have become the third certainty in life, it is incumbent upon every organization to be on high alert and to build security into their very culture from the mailroom to the boardroom. Just as companies have warned consumers away from clicking on links, they should avoid asking for any sensitive documents to be attached to any email.

Any opinions expressed in this column are solely those of the author.

Adam Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. His new book, "SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves" will be released this fall.