Over the last couple of years, the IT security landscape has changed in some very significant ways. Criminal gangs and nation states are now responsible for many security breaches and the resources available to malware architects are very sophisticated and easy to use. Before 2012, there were no mega-data breaches, where more than 20 million data records were stolen at one time. Today, such thefts are commonplace.
So, what can your business do about it?
1 – Passwords
Strong passwords is an important first line of defence in your data security. Make sure that your passwords aren’t easily guessed – don’t use words from the dictionary or anything that can be easily guessed. Mix up the use of numbers, upper and lower case letters and symbols so that your password isn’t easily predicted.
Recent versions of OS X will create characters made up of random characters and store them for you in the iCloud Keychain so that you can securely share them across your devices.
This will ensure that your passwords are hard to guess and that you have a different password for each different service you access. That means if one service is breached and your password is compromised that you don’t run the risk of the same password being used to access all your other online services.
2 – Two-factor authentication
Many banks and other institutions that are concerned with security now use two-factor authentication. This is where you need to provide the system with two pieces of information in order to gain access. The password works through something you know and something you have.
For example, Apple offers two-factor authentication of iCloud. Once you go through the validation process, access to iCloud is locked to devices where the user has the password and the actual device is authorised.
If you decide to access iCloud from another device, you’ll need to authorise that device via a PIN that is sent to your mobile phone or another device you authorised previously.
3 – Think about about where you store data
Cloud storage services are very popular but we’d suggest that when you consider a cloud service you substitute the word “cloud” with “someone else’s computer”.
If you plan to use online services to store your data, do some research and look into where the data is actually stored, what guarantees are given with regards to security and backups and how you can take your own backups of data stored there.
With local storage such as USB drives and network attached drives, while it’s tempting to buy the cheapest drives on the market but it’s important to do your research. Look into reliability reports – there’s little point saving $20 on a hard drive if it fails after a year, taking your precious data with it.
Also, be careful with portable storage devices. The Australian Army was embarrassed some years ago when a USB stick with sensitive information was accidentally left at an airport lounge.
4 – Backups
The only time people get serious about backups is after they’ve suffered a disaster. Securing your data means taking regular backups, storing those backups away from the office and regularly testing your backups to ensure that the data they hold can be easily retrieved.
We’re big fans of the 3-2-1-0 backup countdown.
5 – Limit access
The best way to stop data from getting in the worng hands is to protect it from the outset. As your business grows and you add staff, it will become increasingly important to plan your systems so access to data is limited only to those that need it. This ensures that only the correctly trained and authorised personnel can see and change data.