Whether it’s occurring at a huge corporation or the newest start-up on the block, web threats and data theft can cause massive disruptions to any business’ day-to-day operations. Without the proper security and procedures in place, businesses leave themselves open to the consequences of such attacks, which are at best frustrating and at worst irreparable.
As damaging as threats to a business’ data security can be, they’re also easily avoidable when you have the appropriate safeguards in place. If you’re wanting to ensure business continuity, then investing in the right methods is essential. To get you moving in the right direction, here are ten practical tips your business can use in order to keep its data safe and secure.
1. Write up a strategy
Rather than having a vague idea of policy and procedures, businesses of all sizes should have a formal IT security strategy that’s as detailed and exhaustive as possible. It’s imperative that it not only lays out how to protect data and resources, but what to do should things go wrong. An incident-response strategy ensures you’ll be a step ahead, rather than making any rash heat-of-the-moment reactions that might make things worse.
Keep it updated and close to hand too; there’s no point putting in all that effort writing it up only for the document to collect dust in a drawer somewhere.
2. Protect against malware
Ward off data threats by securing your PCs and network against malware. Malicious software that can cause massive amounts of data damage, malware can swarm on unprotected machines without you even knowing about it.
It’s essential that you protect yourself from malware through the following:
- Apply the firewall: While not enough on its own, your router’s on-board firewall provides the first line of defence, so turn it on.
- PC protection: Sophisticated security software protects without compromising on the performance of your computer or network. Look for protection that can deal with identity theft, suspect websites and hacking in one fell swoop.
- Keep emails clean: Antispam software protects against unwanted emails, which can create risks and distractions for employees. Stop them in their tracks with the necessary precautions.
3. Keep your wireless network secure
If you have a wireless network, then beware: hackers are waiting to pounce on it without warning. An encryption key may flummox those who aren’t especially tech savvy, but to hackers, it’s be a breeze to bypass.
Strengthen your router by using the strongest encryption setting you can to protect your business, and turn off the broadcasting function to make your network invisible. As far as hackers are concerned, they can’t hack what they can’t actually see.
4. Safeguard passwords
Even something as simple as a password can be optimised to fortify your data. They might be a nuisance to remember, but the more complex your passwords, the more protection you can provide.
Make your passwords at least eight characters long, and embed numbers and other non-standard characters within them, so they can’t be easily guessed. Changing them frequently can also help – as can employing credentials which aren’t words, but combinations of seemingly random letters, numbers and special characters.
Here’s where passwords managers really come into their own, meaning your employees don’t have to worry about remembering them and won’t risk writing them down.
5. Create a plan for personal devices
More common in small-to-medium sized businesses, make sure you’re staying abreast of the security risks associated with employees bringing in and using their own devices.
Create a plan for the practice in order to provide some protection against legal repercussions and mobile system costs. A clear, comprehensive policy covering pertinent data deletion, location tracking, and Internet monitoring issues can be very valuable.
Additionally, businesses should look to make proper provision for employees who work remotely or use their own devices as part of their roles. While these practices can increase productivity and reduce overheads, they can also introduce new security concerns if not properly managed.
6. Set up automatic software updates
Hackers love to scan a network or site to see which version of software it’s running on to make it easier for them to exploit the vulnerabilities of older versions. Updating device security settings, operating systems and other software to their latest versions can prevent this from happening. Set any patches and improvements to automatically update in the background to further safeguard against potential threats.
7. Conduct background checks
Be extra vigilant with regards to hiring new employees; safeguarding against internal threats plays a key role in effective cyber security. Look into their background and give yourself an idea of what kind of person they are.
Additionally, be mindful of changes in the character of existing employees, as this could be indicative of other issues.
8. Dispose of data properly
Having the appropriate measures in place to dispose of data which is no longer required is a critical factor in reducing the risk of a security breach.
Ensuring that retired and reused devices and storage media have had their contents properly removed will ensure that confidential company data can’t be retrieved further down the line – and won’t fall into the wrong hands.
Remember; Reinstalling your operating system, formatting your hard drive or deleting specific files and folders doesn’t ensure your data is gone. In fact, in most cases your data is still completely accessible with freely-available tools. Ensure your IT disposal partner is using a tool that overwrites your data multiple times ensuring your data is unrecoverable.
Businesses should look to implement a sound data destruction policy which outlines the protocol for each use case (computers, phones, external hard drives and flash memory) – whether these devices are being redistributed within the business or discarded at the end of their lifecycles.
9. Use the cloud
If your business doesn’t have the time or expertise to stay on top of all the security issues updates requiring attention, then it might be worth looking at a cloud service provider instead.
A reputable cloud provider will be able to store data, maintain software patches and implement security. While not likely to be suitable for enterprise-level organisations, this can be a good approach for small businesses looking to provide themselves with a degree of protection.
10. Educate your employees
Making sure everyone in your business understands company security policy is important. Whether you opt to do it during onboarding or conduct bi-annual refresher courses, it’s worth carrying out – just make sure everyone is heeding the practices, throughout the entire company.
With proven expertise in business development, engineering and management, Ben Griffin is Sales Director at Computer Disposals Ltd – one of the UK's leading IT disposal companies serving both major companies and SMEs. CDL was the winner of three Computing Security Awards for 2018 – in Security, Data Erasure and Compliance categories.