While most businesses imagine shadowy hackers as their biggest security risk, in reality insiders with the ability to access records inappropriately can also pose a significant threat. To minimize this threat, adopt clear rules and technical approaches to prevent inappropriate access, thoroughly train the individuals who handle user information on your privacy and security practices, and log and audit data access.
PLAN AHEAD
71% of employees in a variety of fields, including sales and business operations, said they have access to data they should not be able to see (2014).
Security breaches can undermine your users’ trust and cause them to take their data elsewhere. Many breaches can be prevented by taking steps to protect the systems and data under your direct control. Work with your engineering team and outside experts to implement security best practices such as network activity monitoring, endpoint security for devices that connect with your network, and routine system audits and software updates.
In addition to securing the data you hold, you need to make sure that your users’ data is secure even when it is not on your servers. If third parties are going to have access to your users’ data, make sure their privacy and security practices are consistent with your own. Consider how you can formally require third parties to meet your standards and verify compliance with those requirements.