For many companies, technology is at the heart of their business and their IT systems can contain confidential and commercially sensitive data which may be at risk from attack. Such attacks can come from both external and, more often than not, internal sources (including a company’s own employees).
Keeping data safe and secure in a world of ever-increasing and complex threats to cyber security is therefore at the top of many companies’ agendas, whatever their size.
Watson Burton is a leading law firm with specialist knowledge and experience in data theft cases. Here are our Top 10 tips for companies wanting to stay safe and protect their data from attack.
- Ask an authorised third party to conduct penetration testing to identify any weaknesses or vulnerabilities in your IT systems. Also identify where crucial data is held.
- Prepare an IT policy for employees to sign up to and also offer training on cyber security. All employees should be particularly alive to the dangers of unsolicited communications.
- Install a robust firewall and designate authorised individuals to manage that firewall. Also make sure you keep your software (including virus scanning software for email traffic) up to date.
- Limit and monitor access to databases and systems for employees. It is rarely necessary for employees at all levels to have unfettered access to all company data.
- Even users with special access privileges (e.g. IT personnel and senior executives) should be subject to scrutiny. No one should be above scrutiny, no matter how senior they are.
- Restrict data transfer via removable media by implementing a lockdown policy on USB ports and CD/DVD drives.
- Remote access to company systems should be securely managed, for example with “two-factor authentication”. This uses two separate forms of credentials (e.g. a physical token coupled with a memorised password) to gain access.
- When employees leave the business, disable access to systems immediately and do not let them leave with any mobile devices (e.g. smartphones or laptops). It would also be sensible to have a remote wipe facility installed on such devices.
- When faced with a data theft incident, get urgent technical advice. If the attack is from within, trying to investigate a suspected culprit’s computer yourself could destroy valuable evidence.
- Finally, get lawyers on board quickly too! Legal advice is protected by legal privilege and will help maximise your chances of recovering lost data and securing financial compensation from any identifiable defendants.