In this modern world, the pace at which we are becoming absorbed in, surrounded by and reliant on technology is increasing at an alarming rate. The degree of computerisation, automation and, in the not too distant future, Machine Learning, Artificial Intelligence and Quantum Computing brings about a whole new level of socio-economic impact. The benefits are almost immeasurable now, but can we ignore the threats that come with such a technically driven environment?
Absolutely not! When it comes to implementing technology, the first question any individual or business should ask themselves is: How do we protect the business? Its operations, sales and finances? How do we protect its technical infrastructure? How do we protect the data we hold? How do we give the people that work for us, or our clients, the trust and confidence to share with us their critical, confidential, financial or medical data?
These questions have been simmering away across the broad spectrum of society, growing with fervour and momentum for many years. The result is the introduction of the General Data Protection Regulations, coming into effect in May this year.
GDPR seeks to redress the balance of power in favour of the person whose data is being obtained, retained, processed and perhaps shared with others, which isn’t a bad thing. You wouldn’t be happy if someone took a tangible item from you, like your car or bike, and did what they wanted with it without your permission or even knowledge. Your personal data has never been seen in quite the same light; with GDPR, the balance will shift.
A raft of legal obligations is cascading down on businesses that process data, and there is a need to be able to provide evidence that reasonable measures have been put in place to protect the personal data of clients, suppliers and employees, and to prevent unauthorised use, access, loss or corruption.
With this in mind, let’s touch upon some of the security tools and applications that reduce the risk as much as possible, and that you should be considering as essential and no longer optional.
Security Patch – Software is constantly being tested for vulnerabilities, by both the software developers and the bad guys. When a vulnerability is identified, the developer will release patches to fix the security leak. Most recently, Microsoft have removed a lot of the user response capability, forcing such updates through, as they recognise the risk to the business of failing to patch is far greater than ‘a bit of downtime while the PC restarts!’
Anti-virus and Firewall – Implement a trusted anti-virus/firewall application. This area is very much a ‘you get what you pay for’ environment. You will be hard pushed to justify a breach if you have relied on a free tool or broken licensing laws by using a non-commercial tool. Enterprise-grade applications are the only way to go.
Passwords – Use a combination of letters, numbers and special characters. Do not share your password, and change it regularly. You must start to consider a different way of working; no longer will it be acceptable to have ‘Surgery 1 and everyone knows the login password’.
Limit user access – Do not leave the computer unattended; lock the user profile when away. Configure mass storage restrictions. Make sure that users are disabled when they leave the organisation and that other codes and door entries are also changed – physical security is just as important.
Backups – Backing up data is a life-saving practice; make sure you have an encrypted local backup, but also invest in a secure, encrypted, offsite online backup. BE CAREFUL: there are a lot of products out there with amazing headline prices, but you have to make sure they conform to the GDPR regs and encryption rules (and don’t have hidden costs when you need your data back in a disaster scenario!). Back up regularly and keep a few months/weeks’ worth of backups.
Internet & Emails – Only browse and access trusted links, sites and attachments. Avoid free downloads from unknown sources. Most ransomware attacks don’t come through browsing the internet; most come from fake emails with links which encourage a user to turn off the network security, enabling an attack from within.
Remote connections – Use secure and encrypted connections to connect to your workplace or remote resources – again, free or non-commercial products are likely not to have such secure connections and place your entire network at risk.
Knowledge – Stay up-to-date with latest information on technology and security of your data – look out for e-shots from Microminder – if in doubt…ask!
Stand up against the serious threats to your business and personal data. Protect your data to protect your business.
Author: Sandip Parekh is the Service Engineer Manager at Microminder. He’s worked with the team for over 10 years. On a day-to-day basis, he is the ‘go to guy’ for field and telephone support engineers. He has seen the evolution of technology, capability and risk in his time and speaks with authority about this subject matter.