So often we have customers asking about security and what they can do to ensure their IT is as secure as it can be. This has become more of an issue with the concept of “Bring Your Own Device” and also with the massive demands for remote working.
However, there are two aspects to all of this:
- What security can reasonably be controlled electronically and
- What security is still the responsible of users and management outside of the technology
Whilst IT can help mitigate such issues, internal business and HR policies MUST be the drivers towards a secure environment. As a business, it is very important to make sure that you understand what vulnerabilities your business has and also how important your data is to others. A lot of businesses don’t suffer any targeted security breaches simply because their data is not of any use to anyone else. More often than not, kinds of industrial espionage mainly circle around either intellectual property or customer details. For example, if you are a recruiter, your database of customers could be valuable to a competitor.
Most people ask what they can do to mitigate these issues from an IT perspective. Usually an independent security consultant would scare the living daylights out of them with scenarios which, in the true scheme of things, are relatively unlikely to occur. This is especially so in an SME environment.
There are some good rules of thumb which can be applied to HR policies to mitigate the risk of losing data…
- Always lock your PCs when leaving them unattended. This can be automated for Virtual IT customers, just speak to your account manager
- NEVER give your password to anyone else or write it down
- Avoid forcing users to change passwords too often, as this will make them confused and more likely to write them down
- Never select “save password” on any machines which have access to company data and which you may leave unattended (a home machine for example)
- Always set strong passwords, or even a pass phrase (sentence)
- Avoid logging into your PC from an untrusted or random machine as it may store your password
- Always change any default passwords to your own passphrases.
With just the above simple rules, you can mitigate your risk to a massive degree. Before investing loads of money on advanced technology which may just be over kill for the job. Most of the above is as much common sense as locking your doors and windows when you leave your house.
If you have any questions on the best way to secure your environment please feel free to contact our team.