As IT professionals, we are constantly on the lookout for innovative new security threats. Where breaches do occur, though, they often come back to a number of all-too-familiar failings.
Below are 5 areas in which companies frequently fall down – so please check your own performance against the list and ask if you have any questions.
1. Update, update, update
As the recent Java security vulnerability highlights, patch management is vital to ensuring your data remains secure. For companies with a small number of devices, updating each one manually might be relatively straightforward. However, larger organisations may wish to consider a system of automated updates.
2. Don’t let mobile data go AWOL
Password protecting mobile devices is not adequate protection. If a laptop is stolen, all the thief need do is place the hard drive in a different computer and they can then access the content.
Companies concerned about confidential data on mobile devices should implement encryption at both the system level and the file level. Enterprise versions of Windows include encryption facilities and there is a range of premium programs which can help secure your work. Additionally, users can apply passwords to both their BIOS and their operating system.
3. Lock down data
Many companies are not doing a good enough job of keeping tabs on their data and sometimes the greatest threat comes from within. Restrict the use of USB drives so that the flow of data in and out of your network is controlled. Third party applications can help shore up your ‘endpoint security’ by preventing staff from downloading customer lists and other confidential data to their smartphones.
4. Make sure your cloud does not drift away
If a cloud service has its servers located outside of the EU, storing private data on the service could potentially be in breach of EU law. Ask your cloud provider for written confirmation that the service is within the European Economic Area (EEA). If they are in the US, ask for proof that they are signed up to the ‘US-EU Safe Harbor Framework’. If their servers are outside the EEA and the US, seek advice from the Information Commissioner’s Office (ICO).
5. Test your backups and backup your backups
Checking the integrity of backups is a task often overlooked. Sometimes the most consummate of professionals is so confident of the stability of their primary system that they don’t dream of checking backups.
When the day comes that primary servers do fail, a company needs to have 100 per cent confidence in its backup. Please note that best practice is to test data backups periodically, even if this is a simple spot check by attempting to recover individual files.
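One way to automate the spot check described above, as an added example that is not part of the original article: after restoring a backup to a scratch location, hash a random sample of live files and compare each against its restored copy. The function names, directory layout and sample files are assumptions made for illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def spot_check(source: Path, restored: Path, sample_size: int, seed=None):
    """Compare a random sample of source files against their restored copies.

    Returns a dict mapping relative path -> "ok", "missing" or "mismatch".
    """
    files = sorted(p.relative_to(source) for p in source.rglob("*") if p.is_file())
    rng = random.Random(seed)
    sample = rng.sample(files, min(sample_size, len(files)))
    results = {}
    for rel in sample:
        copy = restored / rel
        if not copy.is_file():
            results[str(rel)] = "missing"
        elif sha256_of(copy) != sha256_of(source / rel):
            results[str(rel)] = "mismatch"
        else:
            results[str(rel)] = "ok"
    return results


def demo():
    """Constructed sample: three files, one corrupted and one lost on restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "restored")
        src.mkdir()
        dst.mkdir()
        for name, data in [("a.txt", b"alpha"), ("b.txt", b"bravo"), ("c.txt", b"charlie")]:
            (src / name).write_bytes(data)
        (dst / "a.txt").write_bytes(b"alpha")  # restored intact
        (dst / "b.txt").write_bytes(b"brav0")  # restored but corrupted
        # c.txt is deliberately absent from the restore
        return spot_check(src, dst, sample_size=3, seed=1)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

A file edited after the backup was taken will also report as a mismatch, so run the check against data that has not changed since the backup, or compare against hashes recorded at backup time.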