In an increasingly digital world, it’s always essential to ensure that your business maintains high levels of cybersecurity. A data breach can be detrimental for even the largest of companies and in recent years several high-profile companies and organisations have fallen foul of some spectacular cyberattacks.
The introduction of GDPR in May 2018 firmly places data protection in the hands of the company holding the data. GDPR means that using a cyberattack as an excuse for a breach doesn’t wash anymore. Businesses and organisations must be able to prove that they have done their utmost to protect any confidential data that they hold. Failing to do so can result not only in fines but also in a severe dent to reputations.
While it’s impossible to say that a data breach will never happen, there are many proactive actions that businesses can take to make a breach unlikely rather than inevitable.
Train your employees
Training your team in the handling of sensitive data can reduce the risk of potential phishing attacks. Knowing and understanding how cybercriminals gain access to logins and sensitive material creates a culture of awareness. For example, educating your team on the ease of finding confidential login information from social media (pet and child names, and wedding anniversaries, for instance) can help them to understand how simple it can be to access passwords and logins. Additionally, being able to recognise phishing emails and making the connection to the dangers of using the same password for multiple accounts removes the likelihood of an attack as a result of human error. How many of your team use the same password for their work system as for their Amazon account, for example?
Keep your network protected
There is a wealth of programmes out there that can protect your system from attack. While it may be attractive to consider finding protection yourself, it’s more advisable to employ a company such as Allteks to manage and protect your security systems. Managed Service Providers (MSPs) will consistently and continuously check that your VPN and firewall are working through vulnerability scans and penetration testing. Their purpose is to find problems before they arise.
Taking a proactive stance to your network security is a GDPR requirement and, in the event of a breach, the Data Controller within your organisation would need to prove that the correct security was in place.
Secure your devices
As technology advances, remote working is becoming far more accessible and popular. With staff now working from home and pretty much anywhere where Wi-Fi is available, organisations must protect and secure any devices that may be used to access their networks. Whether they are cloud-based or physical, if a staff member is using a device to access your data, that device must have security in place that meets your organisation’s security policy. At the most basic level, employee laptops, USB drives, and tablets should have encryption in case they are lost. But, on a more advanced level, they should have security in place to protect your data should they become infected.
There is a range of software available to monitor access to networks, and we would always encourage businesses to speak to us to find a programme that fits their needs.
Secure your physical space
Knowing who is onsite is vital from a health and safety perspective, but is also essential to protect you from data breaches. Can visitors access your system? Do you have locked or password-protected doors? Additionally, consider which staff members have access to your data and whether they actually need to have that level of permissions.
Create clear data policies
All organisations should have a data policy to which all members of their team adhere. It should set out who has access to sensitive data, how long to store it for, and how to ensure safe disposal. Many of us shred physical documents, but how do we dispose of electronic data? Under GDPR, this doesn’t just cover personal details, but also CCTV and surveillance footage. There should be someone who is responsible for making sure that any policies are followed.
Where’s your data?
It’s also vital that you know where your sensitive data is stored. Whether that’s in a filing cabinet or an encrypted file, understand why it is there. It is crucial to have procedures in place to ensure you can account for all sensitive data.
Proper disposal procedures
It would be best if you had policies for shredding sensitive physical documents. However, what do you do when you recycle or dispose of devices that have held confidential information? Under GDPR, you must be able to prove that any devices you dispose of are handled by a registered company that specialises in wiping data. Gone are the days of sending obsolete PCs and laptops to the tip.
Ensure good people processes
Finally, we recommend that you complete a security audit every few months. Check to see if ex-staff members still have access to your network and encourage staff members to change their passwords. Doing this reduces the likelihood of a data breach due to poor password hygiene.
Protecting your data can become easier with a managed service IT partner on board. We work with our clients to explore all options so that their organisations are appropriately protected. We offer varying levels of IT support: becoming your outsourced IT department, co-managing with your existing IT department, or working on a project-specific basis.
To secure a free 2-hour review of your IT infrastructure with recommendations for securing your data, please get in touch.
Allteks has been providing IT support and IT services from our head office in Maidstone, Kent since 2000. We help businesses across Kent, London and the rest of the UK.