Five simple steps to (actually) securing your company’s sensitive information
Ignore this at your peril…
You’ve built a business, solved a problem, hired a team and planned for your future. There’s only one thing that can bring your empire crashing down before you can say “two-factor authentication”, and that’s a data leak. Since we’re literally obsessed with security, we’ve brought in the big guns — Jamie Akhtar of Tresor Security — to get you back on track.
Here are his top five tips…
1. Figure out what data you actually store
It’s almost impossible to protect your information if you don’t know what you’ve got or where it’s stored.
This is getting increasingly challenging with the number of cloud services we’re now using. Thankfully, there’s an easy way of mapping this, by focusing on these key areas:
– What customer data do we store (and where)?
This is usually your biggest data set — everything from marketing info to service delivery.
– What company data do we store (and where)?
Think email, documents and communications.
– What employee data do we store (and where)?
Contact info, passports, payroll.
Once you have the specifics of these three areas, you’re ready to move onto step 2.
2. Review and lock down access
Most breaches involve people and this is often your weakest link, but not in the way you might think. People are the gatekeepers to information, so attackers often focus on compromising these individuals.
Looking over the three answers from step 1, think about how you can better secure access to each of these data stores.
– What can we do to add more security to customer data?
Ensure two-factor authentication is enabled where possible, review service providers and make sure only people that need access to customer data have it.
– Does everyone need to have access to all company data or could we segment on a need to know basis?
This could mean having one folder for directors, one folder for all staff and another folder for public assets.
– How can we protect our employee data while still keeping it accessible?
This is often highly sensitive and the recent string of employee data breaches highlights the need for better protection of this data.
Hint: use CharlieHR!
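Steps 1 and 2 together amount to a data inventory followed by an access review. The sketch below is an added example, not part of the original article; the store names, roles and field names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample inventory: the three data categories from step 1,
# each with where it lives, whether 2FA is on, and who can reach it.
@dataclass
class DataStore:
    name: str
    category: str            # "customer", "company" or "employee"
    location: str            # service or system holding the data
    two_factor: bool
    need_access: set = field(default_factory=set)   # roles with a business need
    has_access: set = field(default_factory=set)    # roles that can actually get in

INVENTORY = [
    DataStore("CRM", "customer", "cloud CRM", False,
              {"sales", "support"}, {"sales", "support", "marketing", "intern"}),
    DataStore("Shared drive", "company", "cloud file storage", True,
              {"directors", "staff"}, {"directors", "staff"}),
    DataStore("Payroll", "employee", "HR platform", True,
              {"hr"}, {"hr", "directors", "staff"}),
]

REQUIRED_CATEGORIES = {"customer", "company", "employee"}

def review(inventory):
    """Return (store, finding) tuples for the step 2 checks, in inventory order."""
    findings = []
    for store in inventory:
        if not store.two_factor:
            findings.append((store.name, "two-factor authentication not enabled"))
        # Need-to-know: anyone with access but no business need is over-privileged.
        for role in sorted(store.has_access - store.need_access):
            findings.append((store.name, f"role '{role}' has access without a need"))
        for role in sorted(store.need_access - store.has_access):
            findings.append((store.name, f"role '{role}' needs access but lacks it"))
    # Step 1 is incomplete if any of the three categories was never mapped.
    for missing in sorted(REQUIRED_CATEGORIES - {s.category for s in inventory}):
        findings.append(("(inventory)", f"no '{missing}' data store recorded"))
    return findings

if __name__ == "__main__":
    for store, finding in review(INVENTORY):
        print(f"{store}: {finding}")
```

Re-running a review like this whenever a new cloud service or role is added keeps the inventory from step 1 and the access decisions from step 2 in sync.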
3. Protect your digital devices
If you work in an SME, it’s highly likely that most of the laptops and phones your employees are using are not fully secured and could be compromised in some way.
Here are the most essential measures to put in place:
– Install anti-malware on all devices
Yes, all devices, including Mac and Android. There’s ransomware for Mac and Android, where infections are now as common as for Windows.
– Keep your software up-to-date.
This is crucial to staying protected: ensure auto-updates are enabled wherever possible and avoid the temptation to postpone updates. The number of security patches released weekly is staggering — don’t give the hackers an easy way in. Bonus: many updates also reduce crashes and make your devices quicker!
– Enable Find My Mac / iPhone / Android Device Manager.
This gives you a (slim) chance to locate your device, and (more importantly) the ability to remotely wipe any sensitive data that may be left.
4. Secure your network
The network is no longer considered the safe fortress it once was, so it’s extra important to limit internal exposure and prevent any malware spreading.
Secure it with these key controls:
– Segment your network from the other users in your building and use virtual networks for further isolation between departments.
Top tool: Cisco Meraki offers outstanding network equipment, free for attending webinars!
– Lock down your network.
Change the default passwords and set up firewall rules based on what services you actually use.
– Use a VPN when outside the office.
This will prevent traffic interception and stop you being sent to malicious websites.
Top tool: Cloak for Mac/iPhone, TunnelBear for Windows/Android.
5. Train your staff to increase resilience
With the massive increase in phishing attacks (the new age spam designed to trick you into clicking links or divulging information) along with exponential growth in ransomware, your staff are an important line of defence and the key to protecting sensitive information.
Here are three top tips to prepare them to defend against the bad guys:
– Regularly remind everyone to not click links or respond to suspicious emails.
This is still one of the most common ways that breaches start.
– Use a password manager.
Websites we all use are regularly compromised and our passwords are exposed. A password manager helps you by storing a unique password for each website you visit, making re-use a thing of the past and passwords harder to crack. No more remembering passwords!
Top tool: 1Password for teams.
– Stay alert and report suspicious activity
Staff are usually the first ones to notice when something isn’t right. Ask them to report any discrepancies and make sure these are followed up. With inevitable attacks, detecting an issue early is as important as preventing it in the first place.
***We hope this has been helpful and started you on your journey to securing your company! If you’re looking for more free advice and a government backed certification for your efforts then register for our pre-launch beta at CyberSmart.co.uk***.