Information Systems Security: A Good Defense is a Good Offense

Security – whether online or offline – is extremely important. Over 900 data breaches occurred this year alone, exposing more than 47 million records (and those are just the ones that were officially reported!).

Every day, we entrust our information to others, hoping that they will keep it safe. But what steps are they really taking? And, are they following through? Just one mistake on the company’s part can leave thousands of individuals primed for an attack.

It’s an epidemic.

That’s why it’s imperative that companies focus on physical, infrastructure, and operational security. As they say, a good defense is a good offense! There are a variety of ways companies can strategically approach security. But to be truly effective, more than one measure should be taken and used in conjunction with the others.

Information Handling

The way your organization chooses to manage your electronic information is the foundation of a strong security plan. Data encryption translates your data into concealed code, which greatly reduces the vulnerability of attacks from hackers and data thieves. Utilizing a Transport Layer Security (TLS) certificate on your website encrypts any data communicated over the internet.

Secure Infrastructure

To keep pace in the ever-changing security landscape, it’s important to have measures in place to protect infrastructure. Firewalls, guest networks, and endpoint protection are additional critical components. Coupled with encrypted backups and off-site storage of information assets, you’re looking even better.

Security Best Practices

Organization-level security is important, but a culture of security is also crucial. Best practices surrounding password creation should be relayed to your teams. With the number of online tools available, it is highly likely that your employees are creating their own passwords. Instruct them not to use easily found information, (i.e. birthdays, anniversaries, pet names, etc.). You should also host an annual security training to remind your staff of your protocols.

Audit

Another way to ensure data is continually protected within your organization is to complete frequent internal and third-party audits. At WHR, we undergo an annual SOC 1® (SSAE18 Type II) audit. A third-party organization extensively evaluates our systems design, operating effectiveness, and internal controls. We elect to participate in this audit to uphold our client commitments to data integrity.

Following Security Regulations

Beyond what a company can choose to do, there are many things that companies must do. There are a plethora of security regulations depending on the industry and the type of work completed. The most recent regulation buzzword is “GDPR” – the data protection rules set forth by the EU. Other regulations across many industries include the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Payment Card Industry Data Security Standard (PCI-DSS), the Gramm Leach Bliley Act (GLBA), and so many others.

A Top Priority at WHR Group

The fact is, data security must be a top business priority and become part of the corporate culture. It’s something that we take very seriously at WHR Group. We ensure that our employees are up-to-date on information security best practices, not only for our company, but for their personal safety as well.

We understand that we possess sensitive and confidential data relating to our clients and their transferring employees. We have always taken proactive measures to secure information against accidental or unauthorized access, disclosure, modification, or destruction and to assure everyone involved of the availability, confidentiality, and integrity of our data.