Data drives the modern economy. The ability to gather and wield it has transformed marketing, logistics and entertainment, along with countless other sectors. It’s therefore an asset worth protecting, especially for a computerised business.
But how, exactly, should it be protected? In this blog, let’s round up some basic measures for prevention. They’re easy to implement, and they’ll make a world of difference to your efforts in data loss prevention.
Keep a Firewall and an Anti-virus
This first point might seem so obvious that it barely warrants mentioning. A firewall will screen your company’s servers against attacks, while a virus checker will regularly scan your storage for malware. Install both.
Malware comes in several varieties. Some will corrupt your data, rendering it useless; others (so-called ‘Trojan Horses’) will allow hackers a means of bypassing your firewall and gaining access. The best protection comes in the form of anti-virus programs, which root and destroy malicious code.
Like biological viruses, malicious computer programs are constantly changing. Unscrupulous hackers are always coming up with ever-more-ingenious ways to compromise your system. This means that, to remain effective, an antivirus must be updated regularly with new definitions. This information allows the antivirus to recognise viruses, worms, spyware and malware before any damage can be done.
Keep Software Updated
For much the same reason, you’ll want to keep your operating systems and other programs up to date. Developers like Microsoft are keen to remind us to update at every opportunity. There’s a reason that the people who create software updates are so persistent: these patches often address security vulnerabilities that savvy hackers can exploit. Set your operating system to receive and install automatic updates, and periodically carry out software audits to ensure that key programs are updated to the latest version.
Only collect the information that you need
Hoarding sensitive data will make you a target for would-be attackers. In some cases, it’s necessary that your customers hand over their home address, sort code or national insurance number. If you’re delivering goods, after all, you need to know where to deliver them. But if you don’t need a piece of information, then don’t ask for it; doing so exposes you and your business to avoidable risk.
Change your Passwords Regularly
When an employee leaves your business, you wouldn’t allow them to take the keys to the premises with them. And neither should you allow them continued access to your systems! Regularly changing your passwords will eliminate this problem. Even if your staff turnover isn’t high, the practice will limit the opportunity for would-be intruders to access to your data.
Distribute Data on a ‘Need-to-Know’ Basis
The more people within an organisation have access to a particular piece of data, the more vulnerable that data is to being compromised. For this reason, you should allow your staff access only to the information they need to do their jobs. This policy will also make it easier to identify leaks when they occur.
Scan New Devices
Every time you introduce a new USB device onto your system, you’re presenting a possible point of entry into your business. This is so whether you’re a three-person start-up or a government-run nuclear facility! USB drives offer a convenience that your staff will want to take advantage of. But these devices can be loaded with malware, and often the people carrying them have no idea! To be one the safe side, scan every new device as a minimum, or if you’re the type of person that errs on the side of caution, ban then completely.
Be Wary of Phishing Attacks
‘Phishing’ is a practice that involves tricking a person into handing over sensitive information, often through the creation of fake web forms. From the hacker’s point of view, it’s a great deal easier to send out ten-thousand fraudulent emails than it is to break into one secure server. Phishing attacks prey on the naïve, so the best defence against them is education. Which brings us onto our next point.
Educate Your Employees
If your staff aren’t up to speed on basic data-security practices, then no amount of software will be able to protect you. For this reason, it’s important to foster a culture of vigilance. Put in place procedures that can identify and correct problem behaviour. Put up posters around the workplace reminding everyone of the importance of complex passwords (or, better yet, pass-phrases). Invest in education, and make data-security a big part of your induction process. And do all of this proactively: don’t wait for disaster to strike before acting!
Dispose of Equipment Securely
By the same token, even the most sophisticated firewall or anti-virus won’t help you with data loss prevention if, when your computers reach the end of their lifespan, they’re simply thrown out onto the nearest skip. Savvy criminals can glean sensitive data even from formatted hard drives, which means the emphasis is on you to think carefully about how you dispose of your equipment.
Happily, we here at XPO can lend a hand. We’ll dispose of your company’s electronics in a way that’s data-secure, environmentally responsible, and GDPR-compliant. Get in touch!