Your data is your greatest asset – but it could turn into your company's Achilles heel if you don't have a fully managed IT security policy in place.
Your company's data is the lifeblood of your business. From client details to confidential information, data can be dynamite if it falls into the wrong hands, damaging your reputation and potentially destroying your bottom line.
Ignorance is not an excuse . . .
The two biggest threats to your data are: 1) accidental release into the public domain and 2) hacking. You may feel that your networks are secure – but are you sure?
‘82% of businesses don't know how much they currently spend on data protection.’
You can be fined up to £500,000 by the Information Commissioner's Office for data protection breaches . . .
The issue of data security is becoming ever more pressing:
business, governmental and home computers (often used for work) experience 44 million attacks a year . . .
and the financial loss to our economy? £27 billion.
And here's the sting in the tail:
‘97% of breaches were avoidable through simple or intermediate controls.’
In other words, a properly managed IT security policy will keep your data safe . . .
The threat within
According to data security specialist Clearswift, over the last year 58% of security incidents have come from within an organisation (e.g. employees, ex-employees, as well as trusted partners) compared with just 42% coming from outside the organisation.
What to do
Ensure your data remains in your company by:
- Educating employees about the risks of scam emails – they should never reply to a message, or open any attachment, from an unknown source. Simply opening an attachment could install malware on your systems.
- Banning the use of USB drives and other digital storage media – these can be lost or misplaced. Just ask Eastern and Coastal Kent Primary Care Trust, who left 1.6 million patient medical records (all unencrypted) on CDs in a filing cabinet that was then taken to a landfill. The data was never recovered.
- Creating passwords that are not easy to guess – use online password generators to come up with tough-to-crack passwords.
- Underlining to employees that they must not share passwords with colleagues.
‘Treat your password like your toothbrush. Don't let anybody else use it – and get a new one every six months.’
Clifford Stoll, data security guru
Other important tips:
- Use encryption software to secure all your information on mobile devices; if a laptop or other mobile device is lost, the encrypted data on it will be unreadable by third parties.
- Use remote wiping software – this allows you to wipe a device when it has been lost or stolen.
- Ensure that employees are educated about the risks of using unofficial, third-party software – if it’s not tried and tested, they must not use it.
If you want to let employees use their own devices in the workplace (Bring Your Own Device – BYOD), ensure you have suitable policies in place to prevent security breaches. These should include:
- A full audit of your network by IT consultants.
- A BYOD policy document that staff can read and understand.
- A list of apps that can and can't be used.
- IT personnel available to answer employees’ questions.
‘50% of employees say they have misplaced a device with important data on it – with 22% admitting that the loss had security implications for their business.’