Today on our blog, we take a look at data security, primarily as it relates to your meetings. Ensuring that your sensitive data is secure at every meeting is our top priority. We take no chances.
We recently interviewed our own Miller Tanner expert, Daniel Conroy, Director of Technology Services, who offers his insights and advice on the topic and further explains the methods that Miller Tanner employs to ensure the security and protection of your meeting’s information.
What steps does Miller Tanner Associates take to ensure data is secure?
It all starts with our classification of data. We treat all data, whether created internally or received from a client or vendor, as sensitive. Sensitive in the data security sense means that if this information were to be compromised or publicly released such an event could negatively affect either Miller Tanner or our client/vendor. That information security awareness helps our staff better understand why the measures we insist on are important as well as how they might proceed if presented a challenge we didn’t consider.
More tactically, we have several procedures in place to protect our data in transit and at rest. All of our mobile devices are encrypted and we own our gear. This means we aren’t renting hardware so we can control what information goes on and what information comes off. Furthermore, we wipe (securely remove data) all ‘show’ laptops after a meeting to ensure we didn’t miss anything.
What types of data specifically are we most concerned about keeping secure?
All of it. If you make information security part of your corporate DNA it is much easier to protect than trying to decide if this or that document, video, etc. meets the security standard. If I had to pick between client data or internal data, however, I’d always say client first. Our clients are the reason we are in business and we never want to forget that.
Does Miller Tanner provide any security measures that are uniquely different?
The fact that we own and operate our own equipment is a big differentiator. Miller Tanner Associates has invested significant financial resources to ensure that we can control both the hardware and data on our gear. Laptop rentals are great, but what happens to those files once the rental company gets their gear back? The answer is no one can be sure, even if the files on that laptop were deleted. I know our devices are encrypted against lost or unauthorized access, but also we securely wipe any machines used in a meeting once the meeting is over.
How should our clients prepare in terms of security of their data?
Prepare for a meeting or prepare their organization to be more secure? If it is for a meeting, there is really little in terms of preparation. We offer access to a trusted third-party email encryption service for our clients so that they can securely share their data with us from the start. As you might imagine we have other secure methods of data transfer should they need that as well.
If you are talking organizational security, I think the first line of defense is preparedness. Preparedness for information security comes in the form of education and training. One of the most prominent attack vectors today is phishing. Organizations need to educate people about phishing, how to spot phishing attempts, and what to do once they are presented with it.
Is there anything else that you’d like to add that you feel is important in regards to data security?
If I can climb onto my digital soapbox for just a moment, I’d like to make a Public Service Announcement for two-factor authentication. To quote the 2016 Verizon Data Breach Investigations Report, “Passwords are great – kinda like salt. Wonderful as an addition to something else, but you wouldn’t want to consume it on its own”. Simply put, no matter how good a password you have, use a second means of authentication whenever you can.
Think of two-factor authentication as similar to getting money from the ATM. You need your card AND to know your account PIN. If you don’t have both you don’t get any money. Two-factor password authentication works the same way. You need your username, password, and a one time passcode that can be sent via a text (or similar).
Many popular tools like Gmail, Yahoo and Facebook already offer this feature. Once you enable two-factor (or multi-factor) authentication on your account a lost password or even security breach at the company is less damaging. The attacker may have your password, but they don’t have that second factor which means they can’t access your account. And lastly, consider using a different password for all services and use a password manager to keep them straight.
