We regularly talk about cybersecurity and the need to make sure your systems are secure.
However, one item that rarely gets mentioned is the actual data sitting behind your company’s IT systems.
The majority of cybersecurity breaches that happen today encrypt corporate data.
As more and more breaches happen, governments all around the world are looking to tighten up their legislation on data.
This has already happened in Europe with the introduction of GDPR.
Of course, you might not operate in Europe but if you have clients based in Europe the legislation applies to you also.
With all these new rules in place, you must know exactly where your company data is located, how it is being secured and whether it’s being backed up.
Here’s our list of the most common locations for company data to be stored:
1) Cloud services
Ten years ago cloud was a new thing in the IT world, but it has become so prevalent now. With the majority of email services cloud-based, this is the number one most common location for all types of company data to be stored. What’s lurking inside your inbox or, more importantly, your HR department’s? A lot of CVs and data on individuals you may have on file. This needs to stay secure, otherwise you could be in for severe fines.
2) Desktop and laptop computers
This is the most obvious location where data is kept. What’s important is that you have some form of encryption on all devices so that if anything ever goes missing there is a limited chance of the data being accessed.
3) USBs, portable storage and memory cards
Many government agencies have had all sorts of breaches due to the use and loss of USB drives. The best advice we can give you is to restrict the use of USB storage devices within your business, or to ban them outright. Whilst they are very practical for transferring files, it’s also very easy to lose those files.
4) On-premise servers
Even if you have cloud services on your IT infrastructure there’s a good chance you also have on-premise servers doing some basic functions. The most common include network file shares, printer servers and directory services.
Whilst you may have really good software and systems protecting these servers, the question we ask is about physical access. How easy would it be for someone to access these servers physically in your office?
Are they locked in a server room or just in a spare office cupboard? Who has access and what type of procedure do you have in place to gain access to these locations?
5) 3rd party suppliers, contractors and consultants
It’s fairly common for larger businesses to have a constant flow of suppliers, contractors and consultants touching many aspects of the business. With these interactions usually comes the transfer of data. What’s the company policy on the supply of data to 3rd parties? Do you have an NDA in place? Do you have a questionnaire that’s reviewed by IT to establish what security is in place with these 3rd parties?
Would a breach invalidate your insurance if it were to be found that the correct security was not in place?
These are all valid questions. We’re not trying to scaremonger, but with the number of breaches now taking place regularly, these types of questions are coming up daily.