As you will no doubt know, both from our previous blog post, and the numerous emails you’ve received about GDPR, data is everything.
Regardless of the reason for you holding data, under the GDPR guidelines there is an increased need to demonstrate you are holding all of your data securely. And by that, we mean your employees’ data, your own business data and that of your customers and prospects.
There is no one size fits all answer to security. But here are some easy steps you can take:
Oh, before we launch into those, we’re aware that we have used some “techie” phrases in here. As you know, we like to talk plain English wherever possible, but sometimes we can’t avoid it, so here’s a quick heads up on what we mean, before you dive into the easy steps…
Encryption –this is just fancy speak for protecting something (an email, a file or the whole computer). The data/file contents are scrambled into an encoded format using an algorithm and unlocked using a password, so only authorised personnel can access it. There are different levels of encryption, dependent on the nature of the business, but our recommendations are based on standard B2B companies. We can give you additional advice if you work in healthcare or finance, for example.
This provides a layer of protection for the whole computer, requiring you to use a password before the machine boots up properly. If you run Windows 8 or 10 Pro or Enterprise BitLocker is included, and is a very good option for this. BitLocker is also available with the Enterprise version of Windows 7.
If you run Macs, then FileVault 2 is available in OS X Lion or later, which does a similar job.
We also work with Sophos, who provide anti-virus & security solutions. Sophos can integrate with Bitlocker to provide you with a managed solution. The advantage with this option is that you can run it across your whole network – managing both desktops and Macs to ensure everybody’s machine is protected.
This will make it very difficult for anybody to access the machine, if your desktop is stolen, or a member of staff leaves a laptop somewhere.
Whenever you send any kind of data with personal information, or company sensitive info, you should always send this via encrypted email. The best way to do this is via Office 365 – although some encryption is available with every plan, full encryption is only available with the E3 plan.
There is a little bit of setting up required, including a couple of adjustments on your domain name, so do let us know if you need some help.
If you don’t run Office 365, then clearly we need to talk! Only joking, well actually we are not, we should talk, but in the meantime, there are third party applications that can provide encryption too.
In general, data is more secure when stored on your individual desktop, than it is in the cloud. Whilst it isn’t necessary to protect individual files if you follow the steps above, you can use the Microsoft built in encryption tools to password protect particularly sensitive files.
When you have remote workers, who may work in unsecured environments such as public areas and cafes, you should consider additional security measures. One way of doing this is through something called two factor authentication. You would have a device that generated a new 6-8 digit password every 60 seconds, which you need to sign into the network. This is used in conjunction with your password, so if anyone sees you type your password, the next time you sign in the code has changed – this ensures the person signing in to the computer is who they say they are. If you work in a regulated environment, or hold sensitive data, this is particularly relevant to you.
And, a word to the wise here, there are lots of schools of thought on the creation of passwords, but you should ensure security is tied into at least one of your company policies. No employee should have post-it notes with passwords stuck to their monitors. And no member of staff should be using generic passwords such as pas sword123 – the most commonly used password in the US!
Every company has a different set up, with different systems, software etc, so there is no substitute for getting an expert in to verify if you have done all you can to secure your data.
If you would like a review of your IT security, please contact us on 01784 437 123.
If you’d like to learn more about how we can support your IT systems, please get in touch …
The White House, 53 High St, Egham TW20 9EX