Non-Negotiable Data Security Basics
Data security is non-negotiable. Aside from your legal obligations to protect personal information under the Data Protection Act (1998), your customers also expect you to maintain their privacy. Data security breaches are both costly and embarrassing for your business.
Here are the bare minimum provisions your company needs to put in place to raise security levels.
Contrary to popular opinion, most data breaches happen inside your company network. Most of these breaches are accidental, but disgruntled staff can and do steal data.
The safeguard for any network is the application of strong, secure passwords. This means forcing employees to log on to their computers with passwords that combine upper- and lower-case letters and numbers. You will also need to create a standard policy for your employees that:
• Explains why passwords are used.
• Forbids the disclosure or sharing of passwords between employees.
• Outlines the disciplinary steps your business will take if the policy is breached.
With internal security tightened, you can now turn your attention to keeping cybercriminals out of your network. A firewall is a device that sits between your network and the Internet, inspecting all of the traffic flowing in and out of your organisation. Where the firewall identifies a problem, like a suspected hacking attempt, the connection is terminated before the hacker can gain access to your network.
Most ADSL routers come with basic firewall capabilities to block the most blatant malicious activity and you should always ensure that this device has been configured correctly to tighten security. You should also discuss with your IT support provider whether the router provides a sufficient level of security or if you need to purchase a dedicated firewall appliance to further strengthen your network defences.
Viruses and malware are small applications designed to steal or corrupt data. The software is often attached to email, or installs itself without warning via compromised websites or similar. To help protect against these infections you need to have antivirus software installed on every PC and laptop that your business uses.
As well as preventing many common malware applications from installing themselves on your devices, antivirus software can also detect and remove infections relatively quickly. You should configure your antivirus software to scan PCs periodically to identify and remove any problems that may have crept in unnoticed.
As noted above, your employees are actually your greatest security asset and weakness. It is extremely important then to give staff basic training to improve their understanding of common security risks and how to manage them. You should ensure your staff know:
• How to identify suspicious emails, and what action to take with them.
• How to identify risky websites.
• How to handle data safely to prevent leaks and loss.
• How to securely access company resources.
• How to report concerns regarding data security to the relevant person in your organisation.
By giving your staff the knowledge and skills they need in advance you equip them to act in the best interests of your business at all times.
So over to you…
What are your non-negotiable security tips?
What are you looking for in your cloud security?