Basic Protection Tips for Client Data
Online security is more important than ever in this day and age. Cyber crime is on the rise, and with 72% of British consumers concerned about the safety of their personal data, it is evident that businesses need to prioritise using secure communication methods in every aspect of their digital work.
This is especially essential when storing and sharing high net worth client data with other team members and business partners. But what steps can companies take to ensure that their client data is secure? Read on for our essential protection tips.
Firewalls
Firewalls are a must these days and sit between your network and the outside world to help prevent unauthorised access. But one thing that businesses often overlook is that part of effective firewalling involves additional services to protect against attacks and viruses. However, today's attacks are much more intelligent and simply installing firewalls will not be enough to protect you.
Are your firewalls running these additional layers of protection? If you don’t know or if you don’t have this enhanced protection you can get in touch with us to discuss.
Self Hosted Infrastructure
Using a cloud service may cut costs, but this comes at the expense of an added security risk due to your data and services being hosted on a third party's infrastructure.
Despite their best efforts, cloud/hosting providers are also susceptible to targeted attacks and to requests for information/data from law enforcement agencies. Running your own dedicated infrastructure allows you to have total control over your network and data.
If your cloud hosting/provider suffered an attack or loss of your data, would you know?
Patches and Updates
Ensuring that your operating system, applications and hardware are kept up to date.
Timely and regular updates are crucial to making sure that your company is not taking unnecessary risks. Many security breaches would have been entirely avoided if the business had simply deployed the latest security patches.
Don’t leave your company open to preventable cyber-attacks by forgetting to update your system and fix known security holes.
When was your system last updated? Do you have a patch schedule/management system in place?
Encryption
All sensitive data should be encrypted in both transit and rest. Your servers, laptops, mobile and usb keys etc should be encrypted to prevent data leak if lost or stolen.
When data is moving (whether it be data to/from a cloud application) or a VoIP call to a colleague, it should be encrypted end to end so attackers cannot view the data during transit.
Do you know for sure that your data is safe and has not been leaked?
Control Removable Devices
One way to stop personally identifiable information and intellectual property from getting out of the office is by putting a device management strategy in place. Any removable devices should be vetted to avoid both data loss and the introduction of viruses. This may be a company owned/managed device or even an employee’s own laptop/mobile.
Would you know if a company device was lost or an employee’s own device was connecting to your network?
Additional Login Protection
Guidance for creating strong passwords varies considerably, and so many companies fall short when it comes to password protection.
One pitfall to be aware of is that forcing employees to create their own complicated passwords can easily backfire. What often happens is that the employee will generate a single complex password that they can memorise and use across their company logins.
This inadvertently causes a weak point in the system, as one compromised password can be used to grant access to different systems and services. To avoid the problem, businesses should use multifactor authentication to add a layer of authentication for logging in. This can be in the form of a usb token or a mobile app.
Do your staff use the same password for non-work accounts? Do you use additional security to log in to your applications/resources?
Proper Training
Another key thing is to implement a data protection policy for employees to follow. The policy should outline all the steps that users need to take to keep client information secure.
It goes without saying that training your staff in basic digital security is a key part of any data protection strategy. Employees should be made aware of the dangers of opening unsolicited emails (particularly those with attachments or external links) and should know what to do if they spot suspicious activity.
Would an employee be able to spot a phishing attack? Is there a process in place to allow employees to report a data breach?
If you follow these essential tips, your business will be laying a strong foundation for protecting its client data. However, there is even more that can be done to safeguard confidential and intellectual information. It is worth speaking to our experienced team for personalised expert advice on how you can improve your company’s security.
By Alex Delaney