Today, we hear alarming news about data breaches on a daily basis. If we don’t protect data, our company could lose hundreds of pounds, its reputation, and in some cases even the business.
Perhaps we need to adopt the same approach to data security as we do for physical security. For example, our workplaces have at least two fire exit routes with well-lit signs, and regular fire alarm tests and maintenance to go with the Fire Safety Regulations. Routinely, we participate in fire drills and it has become customary to periodically run out of our office building for training purposes.
So, we have embraced fire security and it is now part of our company culture. Why not apply the same rules to our network, systems and data?
Let’s look at the measures we can take to keep our assets safe:
1. Assess what data needs e-fire protection
Identify the information that needs protection, such as customer data, financial records, marketing plans, trade secrets, employee records and client contacts, among any others.
2. Store the sensitive data in the e-fireproof data storage
Where you currently store your data can speak volumes about how secure it is. If you’re storing information in the cloud, you should investigate what kind of security measures your cloud provider is offering, are those good enough and do you need to make additional investments in software to enhance security.
3. Put protection in places where the sparks could ignite
Establish procedures to put protection in areas that are most vulnerable, including:
- Encryption – Encrypt files and data that are transmitted via email or any other media that will make it leave the company’s offices.
- Password protection – Ensure that passwords are unique and not easily identifiable. Change passwords frequently, especially when employees leave the organisation.
- Secure payment portals – This is vital if your company collects cardholder information.
- Data backup – Some ransomware variants are smart enough to also encrypt every backup they can locate, including those residing on network shares. It’s important to make 'cold' backups (read and write only, no delete / full control access) that cannot be deleted by the ransomware.
- Additional protections – Ensure that the best anti-virus software, firewalls and intrusion detection are installed.
4. Train your people on how to prevent an e-fire and use fire exits
It’s important to institute an awareness, accountability and responsibility programme aimed primarily at employees to secure the company’s defences. With compulsory training that is regularly refreshed, perhaps ask employees to sign the completion of training certificate that states that they understand the risks and will abide by the company security policies and procedures. This will ensure that employees take ownership of their role in ensuring the organisation’s security.
5. Make a plan to extinguish the flames
Despite all the planning and preparation, there is still the possibility that your company assets could be compromised. Having a data breach response plan will minimise the blow to the business, customers and external partners:
- Identify what data has been compromised and how this loss will impact your company and/or your customers
- Change your passwords, servers and storage methods to prevent further intrusions
- Determine the cause of the breach and take corrective action
- Comply with law enforcement and report the breach to the authorities, as per law regulations in your country
- Notify your customers if the breach will impact them
- Offer assistance as best you can in securing customers’ identities. For example, inform clients of the need for them to contact their credit card companies
- Assure customers that you have resolved the matter, and explain how you will protect their information going forward
- If necessary, be prepared to offer your customers restitution for their losses
The best way to minimise risk and protect your company is to plan and prepare in the three core areas: people, processes and technology. And if the worst happens, you will know how to use the fire exit and company recovery will be much quicker, if there is e-Fire Safety Regulation in place.