Where to keep your Business Data, and how to Secure it?
We regularly discuss cybersecurity and the need to ensure your systems are secure.
However, one item that rarely gets mentioned is the actual data sitting behind your company’s IT systems.
The majority of cybersecurity breaches that happen today encrypt corporate data.
As more and more breaches happen, governments all around the world are looking to tighten up their legislation on data.
This has already happened in Europe with the introduction of GDPR.
Of course, you might not operate in Europe, but if you have clients based in Europe, the legislation applies to you also.
With all these new rules in place, you must know precisely where your company data is located, how it is being secured and whether it’s backed up.
Here’s our list of the most common locations for company data to be stored:
1 – Cloud services
10 years ago cloud was a new thing in the IT world, but it has become so prevalent now, with the majority of email services cloud-based, that it is the number one most common location for all types of company data to be stored. So what’s lurking inside your inbox or, more importantly, your HR department’s? A lot of CVs and data on individuals may be on file. This needs to stay secure; otherwise, you could be in for severe fines.
2 – Desktop and laptop computers
This is the most obvious location where data is kept. What’s important is that you have some form of encryption on all devices so that if anything ever goes missing, there is a limited chance of the data being accessed.
3 – USBs, portable storage and memory cards
Many government agencies have had all sorts of breaches due to the use and loss of USB drives. The best advice we can give you is to restrict their use, or to impose an all-out ban on using USB storage devices within your business. While transferring files with them is very practical, losing them is also very easy.
4 – On-premise servers
Even if you have cloud services in your IT infrastructure, there’s a good chance you also have on-premise servers doing some basic functions. The most common include network file shares, printer servers and directory services.
While you may have really good software and systems protecting these servers, we also ask about physical access. How easy would it be for someone to access these servers physically in your office?
Are they locked in a server room or just in a spare office cupboard? Who has access, and what type of procedure do you have in place to gain access to these locations?
5 – 3rd party suppliers, contractors and consultants
It’s fairly common for larger-sized businesses to have a constant flow of suppliers, contractors and consultants touching many aspects of your business. With these interactions usually comes the transfer of data. What’s the company policy on the supply of data to 3rd parties? Do you have an NDA in place? Do you have a questionnaire that’s reviewed by IT to establish what security is in place with these 3rd parties?
Would a breach invalidate your insurance if it were to be found that the correct security was not in place?
We’re not trying to scaremonger; these are all valid questions, and with the number of breaches now happening regularly, these types of questions are coming up daily.