Are you protected against a data breach?
What are the chances of you experiencing a data breach? You aren't a bank or an online gaming company, and so far so good, nothing bad has happened. But data security isn't all about credit cards. Your company's intellectual property that is held on your servers typically accounts for 85% of its value in the event of an acquisition, and even though you may not realise it, that has a value for someone else as well.
What is the Risk Of A Data Breach?
According to the 2015 PwC breach report, 90% of large organisations and 74% of SMBs suffered a security breach in the previous 12-month period. Given these statistics, it makes sense to be prepared in case you have a security breach in future.
So what should you be doing to protect yourself better and make sure that you can get back to business as usual as quickly as possible?
Is Your Security Software Up To Scratch?
Many smaller businesses still think that they are well enough protected by a firewall and a basic security suite from one of the industry's reputable vendors. The reality, however, is that basic security software offers little protection against someone who is determined to get at your sensitive data. If the data that you hold on your systems needs to be protected, you need software that will spot when someone tries to access files that you wouldn't want them to access. Data Loss Prevention (DLP) software keeps track of who is accessing your files, blocks unauthorised access, and alerts your IT administrators so that they can take the right steps to resolve the issue before any harm is done.
Use Encryption Where Appropriate
If you hold sensitive information such as company financials, personally identifiable information or intellectual property, you should add further layers of security to make sure that only authorised staff are able to access it. This is where encryption comes into play. Encrypted information is inaccessible to anyone who either doesn't know the password or doesn't possess the decryption key.
Have A Proper Backup Regime
Backups are your last line of defence when bad things happen, and in reality most companies have made proper provisions for backup, with data backed up to a cloud backup service. There are, however, still numerous companies who hold their backups onsite, which doesn't help much in the event of a fire or flood. What's more, if those backups are on a mapped drive that is accessible from your PC, you could find that any ransomware has encrypted not just your data but your backup as well. Having backups available is crucial in being able to recover from a data breach. Needless to say, it is good practice for Business Continuity too.
Passwords are the weakest link in information security. If your employees haven't changed their passwords in the past 5 years, and if they can choose whatever password they want, then your data is at risk. Managing passwords, however, is an eternal conundrum. If you allow passwords that are easy to remember, they can be easily guessed or cracked. If you enforce complex passwords, however, you just end up with your passwords stuck to monitors or kept in the pockets of laptop bags. As a minimum you should make sure that passwords contain letters and numbers, that they are changed once a quarter, and that accounts belonging to former employees are deleted in a timely manner. If you haven't already done so, you should also make sure that mobile workers who connect to your systems remotely use a second level of authentication, such as a one-time-password application, which is often an app installed on your company smartphone.
All the security software in the world won't protect your data without user education. You should build security into your business processes, include security policies and training in your induction programme, and make sure that your employees sign off on your policies as part of the process.
By implementing some relatively simple technology and processes you will significantly reduce the risk of experiencing a breach. Don't forget that data protection becomes a lot more serious when the European General Data Protection Regulation (GDPR) becomes law in May 2018. If you need help in getting your company “GDPR ready”, you should strike up a relationship with a data protection company or consultant.
Tony Harbon, Enterprise Account Manager