Protecting Your Data from Loss and Leaks

Protecting Your Data from Loss and Leaks

If you own, manage, or work for a nonprofit organization, you’ve likely experienced a bit of anxiety about the security of your data.

Amanda Luzzader
Amanda Luzzader
Content Writer
Protecting Your Data from Loss and Leaks

If you own, manage, or work for a nonprofit organization, you've likely experienced a bit of anxiety about the security of your data, especially the data that contains confidential information about donors, clients, volunteers, and employees. Data gathering is no simple task, and most of it is either highly sensitive (such as personal information about donors) or irreplaceable (such as data regarding the outcomes of your services, programs, classes, etc.).

The two primary means of data compromise are loss and leaks. Loss of data is usually considered the inadvertent destruction of data through user error, faulty media, physical damage (e.g., flood or fire) or computers (but can include things like fire and flood). Leaks of data occur when data is removed or copied from secure resources and exposed to unauthorized access (by intentional theft or accidentally).

Considering that a nonprofit's data is a primary tool for operation, fundraising, attaining objectives, and improvement, it should go without saying that it should be strongly protected against all threats.

Protecting Against Data Loss

Data loss is most often the result of tech failure such as hard drive corruption. Computers have a way of just humming along in the background, lulling users into a false sense of security. Keep in mind this old IT adage: "There are two kinds of hard drives--those that have failed and those that will." The first and most obvious way to protect against computer or storage media failure is to utilize backups and redundant copies. Backups should run regularly (daily, if possible) and checked for integrity periodically. In addition to backups, make sure your hardware and software is up-to-date. Run checks on security software and physical disk integrity, and make sure operating systems and software are updated to recommended versions.

Protecting Against Data Leaks

Data leaks are often attributable to carelessness and a lack of rigorous data protection. The scope and damage of data leaks range from mere embarrassment to severe legal trouble. At a bare minimum, strict rules and training regarding who can access data and how data is accessed should be in place and enforced at any organization that collects and keeps sensitive data. Security software, network design, and data-access levels should also be utilized to limit data access to authorized users. Finally, rules against how data is accessed, copied, and transferred can serve as an additional layer of protection.

According to a recent article penned by Kaspersky Daily, the business blog of the preeminent computer and Internet security firm, organizations with confidential data (and they point out that very few firms do not have any confidential data) should adhere to the following seven tips to keep themselves protected.

1. Enable full disk encryption (FDE) 

Full-disk encryption is a security protocol that enables access to storage media (usually hard drives) only to users with the proper keys (like passwords, only more secure). Encryption protects confidential data from being accessed and viewed by anyone but authorized users. Kaspersky points out that full-disk encryption is an option for iOS and Android smartphones.

2. Restrict access to confidential data to the office

Theft of leaks of data often happens via the use of external hard drives or flash drives. Restrictions on the use of such devices can prevent both theft and accidental leaks, and software can also prevent unauthorized data transfers.

3. Restrict Internet transfers of unencrypted data

E-mail and commercial file-sharing services can seem safe and secure, but data sent or received through such services can still be surreptitiously intercepted and stolen. Kaspersky's blog recommends simply not using such services to transfer sensitive data, but if you must, encrypt the data first. Passwords should never be sent through e-mail.

4. Delete sensitive data that is no longer needed

Sensitive data remains sensitive even if it's not in use. The leak or loss of unused confidential data can still be damaging to your organization. So, delete it. Kaspersky's blog recommends emptying computer recycle bins and even employing file-shredding applications to make sure the deleted data is really deleted.

5. Encrypt and protect backups

Backing up confidential data is critical, Kaspersky states, but backups can be a source of leaks, so restrict access to backups and make sure they are encrypted.

6. Create multiple backups and copies

Kaspersky recommends the use of off-site or multiple-site backups. For example, an encrypted backup copy in an access-restricted office is a good start, but it won't be of much use after an office fire. The use of (encrypted) off-site storage and cloud-based backups ensure your data is safe from all physical threats.

7. Secure archive and cryptocontainer passwords

In some cases, losing the passwords or keys for encrypted data mean the data can never be accessed again. Passwords and keys should be stored, but notebooks or unprotected files are not the way to do it. Kaspersky recommends storing keys and passwords in a purpose-built password backup application instead.

Sources:

https://usa.kaspersky.com/blog/7-tips-on-storing-sensitive-data/25216/