With more businesses than ever having gone completely digital, the fight against fraud is firmly centred on data. According to VMware Carbon Black, 88% of UK businesses surveyed experienced a data breach in 2018, while the data breach checker site, have I been pwned? Lists over 11 billion accounts that have been affected by a data breach.
Data breaches can result in significant fines and serious harm to your reputation, so it’s crucial that you operate your business in a data-safe manner. Here are five ways you can do just that.
When your business gets rid of its old hardware, you must dispose of the hard drives properly, as depending on the type of drive, data that was ‘deleted’ can still be quite easily retrieved by bad actors.
To guard against this, always be sure to employ qualified and well-regarded data shredding services. These businesses will securely disassemble your hard drives and then shred the drive components to ensure the data is destroyed completely.
Your company’s first line of defence should be a robust anti-malware system. A powerful firewall is important to protect your business’ critical systems. To protect staff working in the office and remotely, load device protection software on all laptops and work smartphones and deploy email protection software. Your wireless networks should also be encrypted and use strong passwords.
To make sure your staff are not creating and using poor-quality, easily hacked passwords, make sure your IT team uses a password generator and makes user accounts for staff. Any web apps or software that are used across the business should be set up in a similar way.
Place company-wide login details in a secure online password vault like Keeper or LastPass so staff don’t have to send sensitive usernames and passwords to each other via email and messaging apps which themselves can be hacked.
Back up your data and recover it
Backups are a must if you want your business to be able to continue functioning if staff lose their files, you are hit by a cyber-attack, or your servers are damaged.
There are plenty of providers of these sorts of services. Typically, they will create a secure link between their servers and yours, which will create a regularly refreshed backup of your important data. If the worst happens, this data can be put into action with minimal risk of downtime.
Implement access control
Whether your organisation is large or small, you should implement a permissions-based approach to data access that ensures users can only access data related to their role and seniority. Then, protect your files with read or edit-only settings by default. This will help you stop sensitive files and data from being taken from your servers by employees and hackers.
Assess and improve
Hacking methods are constantly evolving. So, whether you are hit by an attack or not, you need to dedicate time and effort to assessing the risks to your company’s data and devising ways to guard against these risks. Assign a member of staff to work with an external auditor who will test your systems and provide insights on how you can improve your approach. When it comes to data security, prevention really is the best cure.