Data Security - Are You Forgetting the Basics?

So many of us hold our data electronically, such as personal banking details and precious family photos which would be devastating to lose. And the same applies to business information. Having a robust data security strategy is not only vital to all companies, but a legal imperative. Although we may be aware of data security principles, how often do we ignore them?

1. Adopt password management tools

With all the passwords we need, it’s just too simple to reuse the same format for multiple sites or having a simple password like the name of your dog. Practising good password management is much easier with password management tools. There are many on the market, so research which will be suitable for your business.

These tools not only remember passwords and automatically fill in the username and password for you, they can also be used to automatically generate a strong password. Here are some rules of thumb when it comes to picking a new password:

• Use a mixture of upper and lowercase letters, numbers and symbols.
• Don’t reuse the same password for multiple sites or applications.
• Have a minimum of 10 characters.
• Don’t share your passwords with anyone.
• Avoid writing your password(s) down.

2. Be suspicious of unexpected emails

We’ve all received spam emails, but spammers’ tricks have evolved. Using “social engineering”, cybercriminals will attempt to trick employees into divulging sensitive information by masquerading as a legitimate enquiry.

You may think you would see through a spammer’s tactics, but we recently did some phishing tests on behalf of our clients and the results were astonishing. With a well-crafted scam email, we were able to obtain 8% of the recipients’ login details to major parts of their corporate networks. Yes, that means one in twelve people gave us full, unadulterated access to their IT system. Be suspicious of any contact which sounds official and asks you to divulge sensitive information.

Even if an email appears to come from a legitimate source that you regularly communicate with, make sure you check the sender’s address and not just the name.

3. Store your data securely

It’s often necessary to keep your customers’ data. You should always ensure that this data is stored securely; access is granted only to those who need it and that mobile devices including laptops, tablets and removable media are encrypted. Remember, under GDPR, it is your responsibility to keep data secure and the consequences of breach could be severe. Make sure you know where sensitive data is filed and consider storing it off-site in a secure data centre.

If you do need to transmit sensitive information, make sure you do so securely. Either by encrypting the files before sending or using a secure file transfer service.

4. Back up your data regularly

Sadly, data breaches can still happen due to a variety of causes. So make sure that your data is backed up and stored securely so that you can recover it if you do fall victim to a security incident. Having regular backups provide both resilience and peace of mind. Should the absolute worst-case scenario happen, you can recover your data, minimising the impact, and letting you get back to work as soon as possible.

Don’t fall into the trap of assuming that a replication service is a backup. It isn’t!

5. Keep your software up to date

When you see: “Your computer needs to apply updates” pop up on your screen – just do it! How many times have we clicked “Update Later”? These software updates contain security improvements and fix bugs within the software that may leave them vulnerable if ignored.

Keeping your computer’s operating system and applications up to date helps close these vulnerabilities and often adds new features in the process. A cloud strategy, such as a hosted desktop, can ensure that all of your employees’ systems are updated at the same time.

Security equals business hygiene

Threats to our data are continually changing and no-one can afford to be complacent. Our security strategies must be continuously improved and made more robust. Increasingly, companies are adopting multi-factor authentication – where additional layers of security can be added using multi-factor authentication devices which will reinforce password protection. Read our recent blog about MFA.

No matter how aware we are about potential threats to our IT systems, it’s important that cyber security discipline is followed throughout your organisation. Make sure that you and your staff don’t just pay lip-service to data security principles.

For advice and practical help on your security strategy, contact Orca.