The biggest mistake we witness in working with dozens of different companies is adopting the “It Won’t Happen To Me” attitude. Data security is one of those things that is talked about, but far too often no preventive action is taken. This year we have witnessed two different firms undergo unexpected breaches, yet one was prepared and one was not.
Data Breach #1
The first firm was not yet a client of ours when the breach happened. They were on a traditional server network and many users had laptops since they traveled frequently to visit clients. The company had just moved into a beautiful new office suite. Fresh carpet, a beautiful new conference room, paint, decorations, furnishings, a true A-class building. A couple of weekends after they moved in, they received a call from their alarm that the entrance had been breached. A couple of masked burglars broke into their new office and stole some laptops.
These laptops had client information including financial and personal information. The laptops only had basic domain passwords but no special encryption on them. With a simple password hack, their client data was at risk. Due to federal compliance regulations the company was forced to disclose to ALL of its clients (not just the ones whose data was on the stolen laptops) that their personal information had been exposed. Months of audits and client phone calls to ease concerns were ensued. The owners of the firm were shocked at the headache this had caused and never thought it could happen to their company. They contacted Zeta Sky shortly after to move to a more secure computing platform.
Data Breach #2
The second firm was (and is) a current client of Zeta Sky. Their network was already on a virtual private Cloud system, meaning that the data was hosted in a secure data center, instead of in their office or computers. They too are in a nice area with a beautiful office. In a very similar fashion as the the first company, this firm was burglarized. 2 laptops were stolen.
Even though this firm also dealt with sensitive client information, there was a major difference. These laptops had no information on them. Since the company’s network is hosted in a datacenter, the staff merely connects to a Cloud Desktop to access their apps and data. The connection is a secure and encrypted tunnel using Citrix. When the connection is closed, there is no trace of data on the local computer. So even though the burglars got away with 2 laptops, there was no corporate data on them for them to hack.
This saved the firm a ton of headache and embarrassment of disclosing any data breach. They were able to document the security of their data and ensure that no leak had occurred.
If you’re not certain about the security policies in your network, get your head out of the sand and take action! Your business and client information is counting on it. Start by getting an overall security audit of your network to see where potential holes are. Then implement solutions to add layers of security and document your network and security policies to protect your business. If you need help getting started, contact us today.