In honor of Financial Wellness Month, Mark Burnette, LBMC's Director of Risk Services provides the following tips for companies to reduce the risk of data theft and keep IT systems and sensitive information protected from compromise:

1. First, companies should determine WHAT sensitive data they have. To do this, take the time to identify and catalogue sensitive data within your organization. Once you have a list of the types of sensitive data and where it is stored, processed, and transmitted within the company, you can determine the threats to that data and make sure you have the controls and protections in place to help secure it.
    
2. Once organizations have identified what data to protect, they need to determine HOW susceptible it is to compromise. A penetration test can help you determine the technical vulnerability of your IT environment (and sensitive data) to compromise. This type of test helps to validate the security measures that a company may already have in place and to identify the remaining holes that could lead to data compromise.
    
3. Make sure that company personnel understand their responsibility to protect sensitive information. Many compromises occur because a well-meaning employee sends sensitive data via unencrypted e-mail or clicks on a link in a phishing scam. Take a few minutes this month to send a companywide e-mail to remind employees to be vigilant when receiving unexpected messages and inquiries and to be aware of the company's policies regarding the handling of sensitive data when their job duties require them to store, process, or transmit such information. Also, be sure that your company's internal training includes a module on protecting sensitive data and complying with security policies. Once training has occurred, companies should periodically evaluate the effectiveness of the training by performing "social engineering tests" to assess the awareness and vigilance of personnel, and adjust training programs based on the results of the tests.

Most organizations have a limited amount of money and people resources to dedicate to information security and data protection. Before you spend a dollar of your organization's money on security tools or products, make sure it is going to address the areas that present the highest risk to the company. That approach ensures that all security spend is justifiable and appropriate. LBMC's Security and Risk Services team can help you assess your risks and ensure that your security efforts produce the greatest benefit and have the most effective impact.

LBMC Security and Risk Services, a member of The LBMC Family of Companies, is a world-class firm and leading service provider for information security. LBMC Security Services offers a full spectrum of services in the areas of intrusion prevention, compliance including PCI DSS, FISMA/NIST, CMS, SSAE 16 and HITRUST to name a few and consulting ranging from risk assessment to design and implementation to ongoing monitoring. For more information visit www.lbmcsecurity.com or call Mark Burnette at 615-309-2447.