An Eye on the Data

Posted on October 17, 2016 by Tom Butler Cert CII

Personal and identifiable data needs to be encrypted or password protected and only accessed by those who need it, on this the Data protection act is very clear.

Statistics
Make sure you know where all your data is located and how it is protected.

Your data needs to be closely guarded at all times to prevent a breach for which you will be responsible. And this doesn’t just include the personal details of others but also sensitive company information.

Where’s your data now? If you want to keep tabs on your data security, you need to itemise exactly where it’s currently stored. The multi-media approach many businesses adopt means that data can be stored on local disks, backup systems, on tape offsite and on cloud. These different locations will need specific protection to give your data the best chance in security.

Two tiered approach – The threat to your data can be physical or technical, so your protection needs to be as well.

Technical

Encrypting data – should be a priority, so if you can’t prevent it being acquired by the wrong people, you can at least make it difficult for them to crack. See BitLocker for Windows which offers encryption tools.

Passwords – need to be strong and change regularly. Network tools can prompt employees to change their passwords on a frequent basis, and if there are certain employees who are authorised to access sensitive information, make sure this is facilitated with a password to prevent others from viewing it.

Secure networks – with firewalls, running anti-spyware and virus detection. Make sure that your wi-fi networks are not publicly visible as an easy entry point for malware.

Identify – unprotected sensitive data with data discovery tools.

Physical

Key locks and code entries – should be distributed only to authorised employees. If you have any third parties or contractors who need to access data media, make sure they are background checked and a log is kept of their visit. Restrict access to servers, storage and network cabinets with physical locks.

Be vigilant – when out with a company laptop or a USB holding sensitive information. Think ahead and encrypt data on any portable devices in case these are lost or stolen.

Keep your employees informed – Your employees need to know the risks so they can be clear on what to look out for. If they are using company computers and laptops every day, there is every opportunity for criminal activity, either through emails or weak passwords. Create a policy so your employees know what to look for and when to be suspicious, and these opportunities will become scarcer.

For more information on a cyber insurance policy, give us a call on 0113 2500377.