International Data Privacy Day

Here are some top tips for keeping your data secure:

  • End User Security Awareness Training - Let’s start with the most important and also the most undervalued: end user education.  Most security breaches and phishing attacks start with a user of the IT systems doing something they shouldn’t, whether it is not spotting something suspicious in an email, logging in to a fake website or working in an insecure way.  Training staff is therefore one of the most effective ways of stopping security incidents.  We recommend online training and testing, phishing email simulation and breach detection (scanning the dark web for compromised credentials).
  • Reliable Backup Solution - To protect against data loss, corruption and cyber criminals we strongly recommend backing up to a 3rd party service, completely separate from the live systems and ‘air-gapped’ if possible.  There have been a lot of high profile cases where the business’ backups have been compromised or were not sufficient, so the business has had to resort to paying a ransom to get their data back (where that is even possible).

  • Multi-Factor Authentication (MFA) – Ensure all of the platforms you use, e.g. Microsoft 365, Xero etc., are protected by Multi-Factor Authentication (MFA). A second factor such as a smartphone push notification, a generated code, SMS or email means that if your account credentials are compromised a cyber criminal would still not be able to get access to your account without the generated code or a response to the push notification.
  • Password Policy – The longer the better, but three random words including uppercase, lowercase, a number and a symbol is easy to remember, so less likely to be written down, yet secure because it would be very difficult to crack.  Account lockout after X failed attempts protects against brute force attacks, and we recommend not re-using passwords across multiple services, in case one of them is compromised.
  • Keep everything up to date – A lot of high profile security breaches could have been avoided simply by keeping on top of security patches and updates, so it is worth investing in patch management and an RMM service to monitor the state of your systems.
  • Encrypt Data – Particularly on mobile devices such as laptops and phones that leave the office or home and are easy to steal, but also any storage where sensitive data resides.  This means that if a device is accessed, the data is unreadable without the encryption key and so is completely useless to whoever has it.  You should also consider whether you are encrypting data in transit as well, e.g. email.
  • Cloud Platform Security – You have moved over to cloud services, but have you stopped to consider the service provider’s backup, disaster recovery and security posture?  You could have the best security in the world and still be let down by a 3rd party because they don’t have the same security priorities as you, which is why it’s important to review supplier policies ahead of a move to the cloud where possible, and on an ongoing basis.
  • Mobile Working Security – Are your staff members secure when working remotely, from home or from public places such as coffee shops?  In the office they may be protected by robust security such as firewalls; outside it you need to consider implementing a solution such as SASE, which keeps users protected regardless of where they are working from.  This solution passes data over encrypted tunnels, and you can restrict your core business systems to be accessed only from the SASE service rather than from other locations on the internet, so devices that are not enrolled cannot reach your systems.
  • DMARC, DKIM and SPF – Are these DNS records set up, monitored and reviewed regularly?  Implementing them means that your email is less likely to be spoofed, because receiving mail servers can validate where a message came from.  This is rapidly becoming the industry standard, so it also helps ensure email delivery rather than your emails ending up in a spam folder.
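
As an added illustration of the password policy tip above (this is example code, not something from the original post or the author’s own tooling), the snippet below checks a password for the character mix described and keeps a per-account lockout counter. The post does not give numbers, so the minimum length (12), the lockout threshold (5 attempts, the post’s “X”) and the lockout duration (15 minutes) are assumed values; the current time is passed in rather than read from the clock so the behaviour can be checked offline.

```python
import string

MIN_LENGTH = 12            # assumption: the post only says "the longer the better"
MAX_ATTEMPTS = 5           # assumption: the post's "X attempts"
LOCKOUT_SECONDS = 15 * 60  # assumption: how long an account stays locked


def meets_policy(password):
    """Check the mix the post describes: uppercase, lowercase, a number,
    a symbol, and a minimum length. Returns (ok, list_of_failed_checks)."""
    checks = {
        "length": len(password) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return all(checks.values()), [name for name, ok in checks.items() if not ok]


class LoginGuard:
    """Counts consecutive failed logins per account and locks the account
    once MAX_ATTEMPTS is reached. A successful login resets the counter;
    a correct password submitted while locked is still refused, which is
    what stops an attacker who guesses right during the lockout window."""

    def __init__(self):
        self.failures = {}      # account -> consecutive failure count
        self.locked_until = {}  # account -> unix time when the lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def attempt(self, account, password_correct, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account, now):
            return "locked"
        if password_correct:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_ATTEMPTS:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "failed"


if __name__ == "__main__":
    print(meets_policy("CorrectHorse-Battery7"))   # (True, [])
    guard = LoginGuard()
    for t in range(6):
        print(guard.attempt("alice", False, now=t))  # failed x4, then locked
```

Lockout state here lives in memory; in a real deployment it belongs in shared storage so that an attacker cannot reset the counter by hitting a different server behind the same login page.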
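
To make the DMARC, DKIM and SPF tip concrete, here is an added example (not code from the original post or the author) of what a receiving mail server does with those records. The DNS TXT records are constructed for the placeholder domain example.com and embedded in a dictionary, so nothing is looked up live; `include:` mechanisms are not followed, relaxed alignment is simplified to a parent/subdomain match rather than the organisational-domain rule, and the DKIM signature result is taken as an input rather than cryptographically verified, since the point here is how the three records fit together to decide a message’s fate.

```python
import ipaddress

# Constructed DNS TXT records for the placeholder domain example.com
# (not real data; a live implementation would query a DNS resolver).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.provider.example -all",
    "bounce.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY",
    "selector1._domainkey.bounce.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of domain's SPF record for sender_ip.
    'include:' is skipped here; a full implementation recurses into it."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(domain):
    """Return the DMARC tags for domain, with the RFC 7489 defaults for alignment."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    if not record.startswith("v=DMARC1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return {"p": tags.get("p", "none"), "adkim": tags.get("adkim", "r"),
            "aspf": tags.get("aspf", "r"), "rua": tags.get("rua")}


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match; relaxed ('r')
    is simplified here to accept a parent or subdomain of the From: domain."""
    if mode == "s":
        return from_domain == auth_domain
    return (from_domain == auth_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))


def dmarc_evaluate(from_domain, sender_ip, mail_from_domain, dkim=None):
    """Decide what to do with a message: 'pass', or the domain owner's policy.
    dkim is (signing_domain, selector, result) as reported by the receiver's
    signature check, or None when the message carries no DKIM signature."""
    policy = parse_dmarc(from_domain)
    if policy is None:
        return "no-dmarc"
    spf_ok = (spf_check(mail_from_domain, sender_ip) == "pass"
              and aligned(from_domain, mail_from_domain, policy["aspf"]))
    dkim_ok = False
    if dkim is not None:
        signing_domain, selector, result = dkim
        key_published = f"{selector}._domainkey.{signing_domain}" in DNS_TXT
        dkim_ok = (result == "pass" and key_published
                   and aligned(from_domain, signing_domain, policy["adkim"]))
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"]  # none / quarantine / reject


if __name__ == "__main__":
    # Legitimate mail from an authorised IP, signed by the domain itself.
    print(dmarc_evaluate("example.com", "203.0.113.10", "example.com",
                         ("example.com", "selector1", "pass")))
    # Spoofed From: example.com sent from an unauthorised IP with no signature.
    print(dmarc_evaluate("example.com", "198.51.100.5", "example.com"))
```

With `p=reject` the spoofed message is refused outright; with `p=none` the same message would be delivered and only reported via the `rua` address, which is why monitoring the reports matters as much as publishing the records.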

As you can see from the above there is an awful lot to consider and this is by no means an exhaustive list; that’s why our customers rely on us to manage their IT and IT security.

If you would like to discuss any of the above or have any questions please get in touch with us here and we will be happy to help.
