Data Security: 9 Ways to Protect Your Workplace from Cyber Threats
Could your business thrive without the internet?
It’s not very likely.
The internet has become an indispensable tool, assisting businesses in so many ways, from reaching new customers to enabling the mobile workforce to do its job.
But being constantly connected increases the risk of online theft, fraud and abuse of confidential data.
The Shred-it 2014 Information Security Tracker showed that businesses of all sizes, but particularly small and medium enterprises (SMEs), are still putting themselves at great risk of a data breach because they are not correctly disposing of electronically stored information. A major risk factor is that they often don’t have proper security policies and plans in place: in fact, 51% of SMEs said they didn’t have a cybersecurity policy. And 32% have never disposed of hardware containing confidential information that is no longer needed.
According to the Ponemon Institute’s 2014 Cost of a Data Breach Study, the average organisational cost of a data breach to UK businesses is now more than £2 million, including nearly £1 million in lost business. And a 2014 study by McAfee Security estimated that the annual cost of cybercrime globally is the equivalent of £226 billion.
Data security has to be a number one priority. The risks and threats are greater than ever. Every business needs to have a plan in place to protect its confidential information. Without a plan, a business is opening the door to loss (reputation, money and business), identity theft, criminal fraud and cyber theft.
Here are 9 ways a workplace can improve its data security and protect itself from cyber threats.
1. Perform regular risk audits. What information is collected and how is it stored? Who has access to this information? How is the information protected?
2. Put someone in charge of cyber security. Their responsibilities should include researching current threats and security options, and implementing and monitoring safeguards.
3. Create a security plan (in writing). The plan should list all of a company’s policies and best practices, and the action to be taken if there is a security breach. It should be updated regularly. And all staff should know what the plan is.
4. Utilise all forms of IT safeguards and update and patch regularly:
- Anti-virus protection
- Anti-spyware software
- Secure internet connections with firewalls
- Encryption software
- Password policy
- Spam filter
5. Educate employees. Security awareness training should be ongoing. Have non-disclosure agreements in place with employees and make sure they know not to answer suspicious e-mails or reveal confidential information.
6. Develop a mobile device policy. Lost or stolen devices are still one of the biggest security risks to a company. All devices allowed on company networks should have adequate security protection in place.
7. Use physical security safeguards and a clean desk policy. All business premises should be secured and locked, and have a sign-in procedure for visitors. Employees should not leave sensitive and confidential documents unattended on their desks, and should password lock their computers.
8. Store data safely. Back up data regularly and keep it in a safe and secure place. Keep up-to-date records of what sensitive and confidential information a company has, its location (server, external hard drive, cloud, filing cabinet etc.) and how long it needs to be kept.
9. Destroy all information when it is no longer needed. It is critical to physically destroy sensitive information at the end of its lifecycle – whether on paper documents or stored electronically on hard drives or other devices.
If you have old IT devices in storage, maybe it’s time to review what’s lurking in your cupboard.