Where is your business data and how secure is it?
We regularly talk about cybersecurity and the need to make sure your data systems are secure. However, one item that rarely gets mentioned is the actual data sitting behind your company’s IT systems.
In addition, many cybersecurity breaches that happen today encrypt corporate data.
As a result, governments all around the world are looking to tighten up their legislation on data as more and more breaches happen.
For instance, this has already happened in Europe with the introduction of GDPR.
Of course, you might not operate in Europe, but if you have clients based in Europe the legislation also applies to you.
With all these new rules in place, you must know exactly where your company data is located, how it is being secured and if it’s being backed up.
So here’s our list of the most common locations for company data to be stored:
1) Cloud services
10 years ago, cloud was a new thing in the IT world, but it has become prevalent now. With the majority of email services cloud-based, this is the number one most common location for all types of company data to be stored. What’s lurking inside your inbox or, more importantly, your HR department’s? A lot of CVs and data on individuals you may have on file. This needs to stay secure, otherwise you could be in for severe fines.
2) Desktop and laptop computers
This is the most obvious location where data is kept. What’s important is that you have some form of encryption on all devices, so that if anything ever goes missing, there is a limited chance of the data being accessed.
3) USBs, portable storage, and memory cards
Many government agencies have had all sorts of breaches due to the use and loss of USB drives. The best advice we can give you is to restrict the use of USB storage devices within your business, or to ban them outright. Whilst they’re very practical for transferring files, it’s also very easy to lose those files.
4) On-premise servers
Even if you have cloud services on your IT infrastructure, there’s a good chance you also have on-premise servers doing some basic functions. The most common include network file shares, printer servers and directory services.
Whilst you may have really good software and systems protecting these servers, the question we ask is about physical access. How easy would it be for someone to access these servers physically in your office?
That is to say, are they locked in a server room or just in a spare office cupboard? Who has access and what type of procedure do you have in place to gain access to these locations?
5) 3rd party suppliers, contractors, and consultants
It’s fairly common for larger sized businesses to have a constant flow of suppliers, contractors, and consultants touching many aspects of your business. With these interactions usually comes the transfer of data. What’s the company policy on the supply of data to 3rd parties? Do you have an NDA in place? Do you have a questionnaire that’s reviewed by IT to establish what security is in place with these 3rd parties?
Most importantly, would a breach invalidate your insurance if it were to be found that the correct security was not in place?
These are all valid questions; we’re not trying to scaremonger. But with the number of breaches now taking place regularly, these types of questions are coming up daily.