What steps can you take to protect your business's data? The new mandatory data breach notification regime has now come into operation.
Although the regime only began on 22 February (see our previous article explaining its implications here), companies have already come forward to notify a data breach (such as Svitzer Australia). But what can you do to protect yourself in the first place?
Ken Hendrie from our friends at Cordelta shared his insights at our Corporate and Commercial Forum, held on 15 March 2018, helping us to prepare our 6 Quick Tips to assist you in protecting the security of your business.
Identify your Important Assets
Your first step should be to identify the critical assets that are in most need of protection. This might be your client list, systems or intellectual property — whatever is most important to your business.
It is on these assets that you should spend the most security time and effort: if they are not adequately protected, you may no longer have a viable business.
When identifying your important assets, take a look at the environment of your business and particularly what information other parties would be most interested in. This can determine how you appropriately allocate resources to protection of particular assets.
Use the Cloud
Many small businesses don’t have the resources necessary to ensure that their systems are secure. Although they may think that they are under the radar and not vulnerable, these businesses are still at risk and should be prepared accordingly.
For those who cannot spend on security, a good solution is to make use of cloud servers. These can be a cheap alternative to embedding your own security systems, and you can feel safer in the knowledge that the host of the cloud server will maintain security.
Considering the number of dangers out there, it is virtually impossible to have a comprehensive ‘blacklist’ of all those sites, emails and programs that can’t be trusted.
Instead, consider having a ‘whitelist’: a list of trusted email addresses and domain names which will not be blocked. This can assist in preventing spam and ensuring that you only allow access to your servers from trusted sources.
One strategy commonly used by hackers is ransomware, which denies you access to your systems until you pay to get that access back. An effective defence strategy is to maintain dedicated back-up servers, which ensure that you can still get access another way even when you are locked out.
When talking security, too often the focus is on systems and computer security. It can be easy to forget that people are a fundamental part of your protection. Your employees will have access to all parts of your system, and for this reason, they must be properly trained and educated as to how it must be protected.
Effective training will ensure that your employees understand their role and what they have to do to protect your business. An understanding of just how valuable this data is to your business goes hand in hand with employee education and will go a long way to keeping your business secure.
No Silver Bullets
An important thing to be aware of is that there are no silver bullets or one-size-fits-all security packages (and you should run from anything claiming to be one). Anti-viruses and firewalls won’t protect you from everything, especially from new technologies designed to defeat your existing protections.
Protection mechanisms degrade over time, especially as attacks become more sophisticated. The answer to this is to be vigilant and take active steps to update your security measures regularly.
How can we help?
As threats to businesses’ security and data grow ever more complex and diverse, businesses must be on constant guard against the next danger. If you need help securing your systems, contact Ken at Cordelta at firstname.lastname@example.org. If you need some assistance with your legal compliance with the new data breach notification regime, contact our Corporate and Commercial Team.