WK8 Midterm Research Project_Privacy, Security, Hacks, and Leaks

There are several ways that clients and company data can fall into the wrong hands. One, malicious actors are just one of the examples. They will sometimes call and pretend to be a prominent member of the company and demand that one of the employees provide them with private or company information. Another way data breaches can occur, is through disgruntled former employees, who can sometimes badmouth former employers, and in some cases share information that could potentially hurt the company. Even if the former employee is sued, the damage has already been done. Third, internal human error can also be a possible danger. Employees could unknowingly include private information in the background of a work selfie or misplace a bank account number that they had quickly written down to help a customer. They could also accidentally give out information, believing that they are giving the information to the correct person. Four, a website must also always be kept secured, or the information can be accidentally given out to the public. A strong firewall is vital to keeping everyone’s account information secure, for both the customers and corporate as well. Lastly, sometimes even big secure websites are hacked. Hacked websites and leaked information are one of the biggest fears that both private citizens and larger corporations share. If an employ opens a link from an unknown source, it can allow a hacker into the server, leaving financial, employee, and company information open to whoever is willing to pay for it.

There are a number of things that should be considered when facing these threats. Every single company with an online presence needs a strong IT department, that continuously keeps the website updated and secure, and this is something we take very seriously. Outdated coding could allow a hacker to break through the firewall and steal information, so we make sure to keep our website updated daily. Only a small number of employees are hired in office positions where private information is handled. They must past a satisfactory background check or have spent a significant amount of time with the company and maintained a good record. However, even with a small number of people handling client and company data, it’s still possible for leaks to occur. To keep information isolated, and difficult to accidentally pass around, every employee who handles important client and company information has their own log in and account, have been educated on how to create a strong, safe password, and should always lock their computer when away from their desk. This way, it’s easier to track down where information was downloaded to or from, which encourages everyone to keep track of their own accounts. This makes it harder for anyone looking to exploit information to acquire it in the first place. Private customer or company information is never handled anywhere but in approved locations. Only certain rooms in the building are used to handle customer bank accounts, and internal company information. These rooms are only accessible with an employee badge, and each badge comes with its own level of security clearance. However, it can be easy for employees to lose their lanyards, and many forget to report the loss, which can be too late if the badge has already been found and used. Every account and email automatically lock after a given period if the computer remains idle. This allows for a certain amount of human error, as it can be easy to forget to keep a computer locked. Badge scans are also monitored, and if a badge is scanned in the wrong location too many times, the security department checks to ensure that that employee is safe, and that they still have their badge.

There are always additional steps that can be taken to reduce information leaks. Front line employees are in many ways, the first line of defense. It’s important to remember that it is never safe to leave private or company information in open places. Information like credit/debit card numbers should never be written down, as it is too easy to lose this information or for someone to oversee and take a picture of it. All private information should be kept online in the appropriate, company approved places. Also, it is never safe to open links or emails from unknown sources. Especially when at work where employees are handling multiple customer accounts, that contain thousands of people’s financial information. Phones or cameras should never be used anywhere near confidential information. All it takes is one perfectly angled selfie, posted online, to spread private account information to the public. All company and client information should be backed up appropriately, and it should be stored in places that hackers can’t access. These copies of information should only be kept in a secure location, where they cannot be easily misplaced, lost, or deleted. Finally, the best way to accomplish these last steps, is to provide regular educational experiences or seminars for every employee, where these safety practices can be reviewed and tested. It’s also important to remind every member of leadership to look for all potential threats, and to always take security and safety practices seriously.