We constantly talk about cyber security and the need to make sure your business is protected. However, one item that rarely gets mentioned is the actual company data sitting behind your companies IT system. The majority of cyber security breaches that occur today encrypt company data and make it worthless without professional intervention.
As more and more breaches occur, Governments all around the world are looking to tighten up their legislation on data. This has already happened in Europe with the introduction of GDPR. Of course, you might not operate in Europe but if you have clients based in Europe the legislation applies to you also. With all the new rules in place, you must know exactly where your company data is located, how it is being secured, and if it’s being backed up.
Here is our list of the most common locations for company data to be stored:
1. Cloud Services
Around ten years ago, the cloud was a new disrupter in the IT world but it’s become so prevalent now with the majority of email services being cloud-based. This is the number one most common location for all types of company data to be stored. What’s lurking inside your inbox or more importantly your HR departments? A lot of CVs and data on individuals. This needs to stay secure otherwise you could be in for severe fines and a massive PR disaster!
2. Personal Devices
At Aberdeen Cyber Security, we’re constantly improving the security of businesses by protecting company data on personal devices. Allowing your employees to use their company email on their personal smartphone is a wise choice, but it’s incredibly important to sandbox the data. Without doing this, you are literally giving your data away and running the risk of data leakage and misuse. What is the plan of action for when an employee leaves? Changing their email password won’t remove your data from their smartphone. Our advanced system protects you by implementing a robust protected layer around your business data.
3. Desktops & Laptops
This is the most obvious location where you might save your data. What’s important is that you have some form of encryption on all devices so that if anything ever goes missing there is a limited chance of the data being accessed. A common choice here is to use Windows BitLocker.
4. USBs, Portable Storage, External Hard Drives and Memory Cards
Many local and national businesses have had all sorts of breaches due to the use and loss of USB drives. The best advice we can give you is to restrict their use. Or an all-out ban on the use of USB storage devices within your business with our advanced Aberdeen Cyber Security IT Platform. Whilst it’s very practical for transferring files it’s also very easy to lose those files. The National Cyber Security Centre has published fantastic resources on this control.
Even if you have cloud services in your IT infrastructure there is a good chance you also have on-premise servers doing some basic functions. The most common include network file shares, printer servers, application services and directory services.
Whist you may have really good software and systems protecting these servers the question we ask is about physical access. How easy would it be for someone to access these servers physically in your office? Are they locked in a server room or just in a spare office cupboard? Who has access and what type of procedure do you have in place to gain access to these locations?
6. 3rd Party Suppliers, Contractors & Consultants
It’s fairly common for the larger sized business to have a constant flow of suppliers, contractors and consultants touching many aspects of your business. With these interactions usually comes the transfer of data. What is your company policy on the supply of data to 3rd parties? Do you have an NDA in place? Do you have a questionnaire that’s reviewed by IT to establish what security is in place with these 3rd parties?
Would a breach invalidate your insurance if it were to be found that the correct security was not in place? Please contact us for a quick overview of our advanced cyber security platform which stops the attack before it happens.