As the new General Data Protection Regulation (GDPR) comes into force, ensuring your business data is securely protected is now a higher priority than ever. I’m going to assume that you’ve done the basics: enforced strong passwords, set up a good firewall configuration so your network is secure, installed up-to-date antivirus software, and ensured your confidential data is protected by standard security permissions.
Beyond the basics, these are my three recommendations for making sure your business data is prepped against cyber attacks.
1. Secure your mobile endpoints
Your data travels around on the laptops that your staff carry with them and in the email accounts on their mobile phones. If a company laptop or mobile phone is lost or stolen and the device is not protected, this could be classed as a data breach and the Information Commissioner's Office may need to be informed. Simply implementing encryption on computers and a mobile device management system can protect your business against the risk of fines. ESET has some great tools when it comes to securing phones and other devices: https://resolve.co.uk/blog/article/secure-all-business-devices-from-one-location
2. Everyone backs their data up, don’t they?
You’d be surprised at the number of new clients we take on who had wrongly assumed that the backup strategy recommended by their previous IT service supplier was robust and monitored. At Resolve we check your backups every day. We always recommend a 3-2-1 strategy (3 copies of the data, in 2 different formats, with at least 1 copy off-site). It is also a good idea to make sure your off-site backup is done automatically and is not reliant on one person remembering to swap a USB drive or tape and take it home. However, if this is the only viable solution for ensuring an off-site copy of the backup, please make sure the backup is password protected and the drive encrypted!
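As an added illustration (not part of the original post or any Resolve tooling), the sketch below audits a backup inventory against the 3-2-1 rule, a daily freshness check, and the encryption requirement for removable off-site media. The `Copy` fields, the 24-hour threshold, and the sample inventories are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    fmt: str             # storage format, e.g. "disk", "cloud", "usb", "tape"
    offsite: bool
    automated: bool      # runs without anyone swapping a drive
    encrypted: bool
    last_ok: datetime    # last successful (verified) run

REMOVABLE = {"usb", "tape"}

def audit_321(copies, now, max_age=timedelta(hours=24)):
    """Return findings for a copy inventory; an empty list means it passes."""
    findings = []
    fresh = [c for c in copies if now - c.last_ok <= max_age]
    findings += [f"{c.name}: stale" for c in copies if c not in fresh]
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} current copies, need 3")
    if len({c.fmt for c in fresh}) < 2:
        findings.append("fewer than 2 formats among current copies")
    offsite = [c for c in fresh if c.offsite]
    if not offsite:
        findings.append("no current off-site copy")
    elif not any(c.automated for c in offsite):
        findings.append("off-site copy relies on a manual swap")
    findings += [f"{c.name}: removable off-site copy not encrypted"
                 for c in copies
                 if c.offsite and c.fmt in REMOVABLE and not c.encrypted]
    return findings

# Constructed sample inventories (the live data counts as the first copy).
NOW = datetime(2024, 1, 10, 9, 0)
def h(n): return NOW - timedelta(hours=n)
WEAK = [
    Copy("live-server", "disk", False, True, False, h(0)),
    Copy("nas-nightly", "disk", False, True, False, h(30)),
    Copy("usb-rotation", "usb", True, False, False, h(20)),
]
SOUND = [
    Copy("live-server", "disk", False, True, False, h(0)),
    Copy("nas-nightly", "disk", False, True, False, h(8)),
    Copy("cloud-nightly", "cloud", True, True, True, h(6)),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("SOUND", SOUND)):
        print(label, audit_321(inv, NOW) or "passes 3-2-1")
```

A stale copy is excluded from the 3-2-1 count, so a backup job that silently stopped running surfaces as a failure instead of still counting as a copy.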
3. Talk to your staff about data security
With the best will in the world and well-thought-out procedures and policies, the biggest vulnerability in any network is the end user. Even if you’ve got the most robust backup and disaster recovery strategy out there, and you've encrypted all your devices and enforced a great password policy, your business is still at risk if your staff are not aware of the implications of their actions. Make data protection a part of your staff induction, have a succinct data protection policy, and make sure staff remind themselves of the content on a regular basis. This reduces the risk of staff inadvertently putting the data at risk by copying confidential or personally identifiable data onto a memory stick to work on at home, or by emailing it to a supplier or client.
With an increasingly mobile workforce, knowing where your data is and knowing that it is secure should be a priority for all business owners. Wonderfully, there's now plenty of software to keep on top of these issues. One of the newest arrivals on the market is Microsoft 365 Business, which gives you full control of devices, whether they are in the office or anywhere else in the world. Find out more about that here: https://www.microsoft.com/en-us/microsoft-365/business