The recent resignation of Target’s CEO Gregg Steinhafel has prompted a global discussion on the security of sensitive data. From retail chains to law offices, the conversation has moved from the server room to the boardroom and many are speculating that the infamous Target breach of over 40 million customer credit card numbers could have been prevented by asking some simple questions and heading risk off at the pass.
Complete this simple questionnaire with your team to uncover and plug exposure to intentional and accidental data breaches.
Do you use Box or Dropbox to store and share files?
Red Flag: If the answer is yes, then files are living in an unsecured environment that could be prone to hackers, user error, or hidden policy updates. Files should be stored and shared from a secure platform.
When the company email system is down or inaccessible, how would you send messages and files to coworkers, vendors, and clients?
Red Flag: Use of personal email to transfer sensitive information is a potential liability. The temptation to get the job done may override common sense in a situation where corporate email is down or otherwise inaccessible.
How do you connect to the Internet when you are on the road?
Red Flag: Use of free Wi-Fi in coffee shops, hotels, and airports carries the risk of data interception at multiple points.
Who is responsible for maintaining your company email and server passwords?
Red Flag: If the answer is not known, it indicates a lack of key management practices to create and enforce regular password maintenance. Files and communications might be open to hackers armed with even the simplest tools to discover old or inadequate passwords.
How often do you use thumb or USB drives to exchange information?
Red Flag: Small drives are often lost, stolen, or forgotten, leading to potential loss of sensitive data. Often key client files (even drafts) are left behind on portable drives only to be lost and never found.
If your answers to the questions above throw any red flags, the company is at serious risk of having a data breach. Mitigate this risk by enforcing a more secure set of protocols for file collaboration with rules regulating company-wide use. Unless an executive has a golden parachute waiting, it will certainly be time well spent.