Did you know that it was recently reported that only 5% of companies’ folders were properly protected from cyber criminals. and that 17% of all sensitive files are accessible to all employees?
With those frightening statistics in mind, when was the last time you checked how your business's data is being used?
Here are 4 steps you can take to keep your businesses data safe:
Step 1: Learn the addresses of your data
Often, businesses store data on multiple media types including local storage, disk based back up systems, cloud solutions, and more. A simple place to start is to understand exactly what lives on each form of technology and in what format it requires its own type of protection.
Step 2: Implement a need-to-know policy To reduce the risk imposed by human error or curiosity, businesses should create policies that limit access to data, meaning only those that require access have access. As a business, you should consider means to track access log entries, so that unpermitted access will not go undetected. Step 3: Toughen your network security
Networks are normally protected by a firewall and antivirus software, but these will not be effective if they are not up-to-date and working within the latest software versions.
Malware is a cyber security threat that mutates daily and as a business, it’s key that your antivirus software is up to date in order to keep up with these mutations.
Bring your own devices has been a rising trend for businesses in recent years, however, the COVID-19 pandemic meant that this wasn’t a trend or choice for many businesses when they were forced to close their business premises. This meant that there were many businesses who had employees using their own devices in order for a business to continue.
As a result, it’s a philosophy that is here for the long run and your business's security policy and processes should include the use of personal devices for business purposes.
Step 4: Don’t hang on to data baggage
To proficiently manage data as a business, creating a data lifecycle management plan will help you delete old and obsolete data. Things to consider when doing this are:
Identify the data you must protect and identify how long this must be kept for
Ensure you are looking at offline and offsite tape back up’s when tidying out your businesses data
Ensure you have an incident response plan in the event a successful cyber attack takes place
Consider non-digital data such as paper files and hardware files as these can hold out of date data
Securely dispose of hardware that could contain out of date data, this could be photocopiers, scanners, or even outdated voicemail systems.
The South East Cyber Resilience Centre offers a range of services for businesses that are designed to help you identify your digital vulnerabilities and weaknesses or, if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online.
Find out more on our dedicated Student Services page www.secrc.co.uk/services.