Determine your risk
Risks you need to consider fall into 2 areas: malicious risk and unintentional breaches.
Malicious risks for example could be theft of digital data, customer records, sensitive financial information or intellectual property.
Unintentional risks could be an employee losing a key piece of hardware such as a laptop, USB pen or smart phone.
It is essential to protect your business from both types of risks.
What data do you have and identify what you need to keep safe.
Take an inventory of the data held by your business and rank it according to how sensitive it is. Where it is stored, who has access to it and what the impact would be on the business if that data was compromised in some way.
By law, you are required to protect customer data and have legal obligations as outlined in the General Data Protection Regulations effective 25th May 2018.
By keeping a record of what data you hold, where it is stored and who can access it, you will be able to identify risks and take appropriate precautions to protect it.
A good starting point for securing your computer network is installing malware protection. Malware is malicious software running on your network without you knowing. This can cause massive disruption to your business. A firewall and virus scanning software will help to identify threats and quarantine them, effectively rendering them harmless. Security software can also restrict which websites can be visited by your staff, thus also limiting the risk.
Advice about data security should be given to all employees and restrictions on what ‘outside’ device can be connected to your company network. This also applies to USB memory sticks which can also be the source of malware and virus infections.
A data security specialist firm can also be hired to test for any weak points in your computer network.
Hiring a security specialist
A specialist security firm can offer 24/7 protection of your computer network by remote monitoring. Such a firm can ensure you are protected against the very latest cyber threats but also help to clean up your network should you get a virus infection or hack.
It’s also important to keep staff up to date on cyber threats and make them aware of best practice when it comes to data security. The majority of data breaches are caused by human error so keeping your staff trained and up to date is very important.
Storing Data safely
Where to store your data is an important decision for your business. On one hand, you want it accessible by staff who need to use it as part of their day to day job but on the hand, you need to restrict it too, so that not just anyone can access it. An encrypted cloud based solution will offer both ease of access (to those permitted to do so) as well as being a secure way to store it. It’s still important to take regular backups of your data and consideration should also be given where to securely store these backup sets.
Controlling who can access what
In the event of a data breach, it’s important to be able to determine what access was made, by whom and when. Having a robust computer system that allows you have different permission and role levels is important for reducing the risk of data loss. Having everyone with ‘admin’ access is asking for trouble and is not advised.
As I mentioned earlier, the majority (nearly two-thirds) of data breaches are down to human error. This makes staff training an obvious priority for any business. However, this priority needs to be driven from the top, the leadership along with integrating to company policy to make sure each employee is aware on how to do their bit for data security.
Staff should be made aware of what they can and can’t use their company computers and devices for. Make them aware of what suspicious emails or attachments look like and when it’s safe to open them. Having strong passwords is also essential for all staff to have and you also implement a password change policy each month.
Disposal of sensitive documents
If you use printed documents to conduct business then having a secure shredding bin is also advisable. You can buy an office shredder but the downside here is the noise pollution each time someone uses it. Alternatively, a document shredding service could be used to shred the documents collected in the lockable bins on a regular basis. This saves you having to take charge of shredding waste documents yourself and dispose of the shreddings.
We hope you found this article useful, stay tuned for more data security help and tips soon.