We’ve discussed a variety of topics on our blog in recent months, from mobile technology to business flexibility. One common problem they must all address is internet and data security.
Businesses and non-profit organisations are entrusted with a plethora of data, including personal employee information, contact information and even customer finances. As technology develops, data is becoming easier to access, which opens up opportunities for exploitation. It is therefore imperative that all stored data is secure.
Newspapers and blogs are awash with stories of data theft, internet bugs, and hacked systems. Security breaches could cost you anything from a few hundred pounds to thousands of pounds. No one is exempt, as all technology and software is at risk from both internal and external threats. As we explained in a recent blog post, UK businesses are leading the way in workplace mobility, with almost 50% of SMBs using personal communication devices for work purposes. However, in many cases businesses do not have a formal policy in place to ensure their data is secure.
The rise of BYOD (bring your own device), where employee-owned mobile devices such as smartphones and tablets are used to access business content or networks, must be addressed. Companies have much less control over an employee’s personal device than over a device owned by the company. As explained on Computerweekly.com, “… allowing employees to use their own devices to access company information gives rise to a number of issues that a business must answer in order to comply with its data protection obligations.”
The future of business looks set to utilise technology to further increase the accessibility of data. As BYOD becomes even more popular, the ability to remotely wipe devices will be increasingly important. Those with an Apple device can erase their device if it is lost or stolen, but you must set up “Find My iPhone” first. Find out more here.
In addition to the internal threats, there are external threats that arrive via the internet. These include trojans, spyware, spam, rogue security software and much more. They can corrupt, steal and monitor data, as well as take full control of your systems.
How to prevent threats
Implementing security processes within your business is imperative. You must identify areas of your business that require low, medium and high levels of security. As discussed recently on Itproportal.com, Gordon Rapkin, president and CEO of Protegrity, said, “You can’t secure data without knowing in detail how it moves through your organisation’s network.” He went on to say, “Business managers need to classify data according to its sensitivity and its worth to the organisation so they can correctly evaluate and fund different levels of protection. ‘Data Asset Valuation’ is a very worthwhile ROI-type of activity.”
How to prevent internal threats
- Map out how data moves through your organisation's network and identify what level of security it requires
- Implement restriction levels on sensitive data, including restricted access to data and software, and prevent data exports without the correct level of authorisation
- Introduce comprehensive policies to cover BYOD and company equipment
- Create complex passwords and change them regularly, especially when someone leaves the company. Ensure you have password recovery, just in case you also lock yourself out of your systems
How to prevent external threats
- Install anti-virus and anti-malware software on to each computer and mobile device
- Ensure your firewall is stable and secure
- Create complex passwords that are not likely to be guessed by a third party
- Add a second layer of security, known as two-step verification, where a time-sensitive PIN will be sent to the mobile device connected to that account
For help on how to comply with the UK Data Protection Act 1998, with regards to BYOD, the UK Information Commissioner's Office (ICO) has published this guide.