⚠️ ⚠️ ⚠️ You know how you occasionally read about huge data breaches in the news? Or (ugh) you get a letter saying your information may have been part of a breach? Maybe you have a business that collects data like emails or logins – or takes payment information online? Well, as an SOC2 Certified Vendor, we’d like to remind you to think about how you manage your company’s data and other security measures so that you know you’re always covered.
Take Our Data Security Quiz:
So – How’d you do? We’ve compiled a list of key points and related articles on data and facility security. We have found these to be comprehensive and informative, and hope you will find them useful as well. So, without further ado, here they are:
1. Encryption of data traveling over the internet (email, FTP)
Are you using secure servers? A reputable email provider?
• Techniques for transferring data securely -ProtectIU.edu
2. Review security policies and educate staff about them
When do you conduct security training, and how often do you provide continuing education sessions for your staff about security protocols and procedures?
• Security Policy: Development and Implementation -nces.ed.gov
3. Comprehensive data backup programs
(We’re utilizing Cloud storage, and would highly recommend it. Plus, we keep a detailed, up-to-date Disaster Recovery program.)
How is your data backed up and what is your disaster recovery plan?
• 8 Benefits of Online Data Storage -Business News Daily
• 6 things to consider when implementing a disaster recovery plan -AT&T Business
4. Automated virus protection updates across network
Is your anti-virus software reputable and up-to-date? How often do you review and update it?
• Why Is It Important to Constantly Update Antivirus Software? -Techwalla
• The Best Hosted Endpoint Protection and Security Software for 2020 -PC Mag
5. Physical security of building
(Check out our fortress of a Data Center)
How effective is your building security? How are keys and codes handled?
• 7 Physical Security Practices Every Business Should Implement -LinkedIn
6. Yearly external audit conducted to ensure critical security programs are being followed (in PrimeNet’s case: SOC Type2)
Do you have any third parties who conduct security audits?
• How and Why to Request a SOC Report from Your Vendors
7. Periodic external penetration tests conducted
A penetration test is designed to answer the question: “What is the real-world effectiveness of my existing security controls against an active, human, skilled attacker?”
• What Is A Penetration Test And Why Would I Need One For My Company? -Forbes