Data Breaches: Top 5 Things You Should Do To Protect Your Organisation
2018 was a year for data breaches with high profile cases including the Marriott hotel group being hacked and the data of 500 million customers being leaked. Also, Facebook revealed that in 2018 they had a data breach which resulted in 100 million Facebook accounts data being breached. So how do you protect your data from being breached in 2019? While it is not easy to guarantee that your data will not be breached, you can take very achievable steps to prevent a breach from happening.
- Limit users – An easy way to prevent data being breached is limiting what data staff/users can access. In a WordPress site, there are different user levels, admin, editor etc. These user roles determine how much they can see and how much data is visible to them. By using the correct role on your WordPress users ensures the right users are looking at any personal data. For example, a user who only adds blog posts does not have admin rights.
- Updates – Keeping software and plugins up to date is really important. WordPress releases updates regularly to patch known security vulnerabilities. If you fail to keep plugins and WordPress itself up to date you may have security flaws in your website which will only help a potential attacker trying to get any data they can.
- Passwords – This is an easy one however it is often neglected. A strong password is crucial to stop potential hackers from accessing your site and it is also important to change passwords as regularly as possible. Adding 2FA (2-factor authentication) is another easy way to increase security as well by getting a code sent to your phone when you log in to WordPress to verify your identity.
- Network Security – Security on computers and devices both in the office and at home that access the admin section of your website should also be reviewed regularly to see how secure they are. An attacker does not need to hack your password to get into your account if they have control over your devices through malware or viruses.
- Review Data – Review the information that is collected and stored. It is important to remember that you should only be collecting data that you will actually use. Once data has been used it is important to remove sensitive data to prevent a build of data over a period of time.
There is a website that you can use to check if your email address has been included in data breaches. You go to the website, enter your email and it will list the breaches you are listed in and the data included. You can even set up email alerts to send you an email if you appear in any future breaches.