You should consider ways to keep your data safe and to avoid being caught out by scammers.
Here are some pointers which we picked up at a recent seminar on security:
Protecting Your Data
- Remember to always take data security seriously
- Identify areas of vulnerability in your business
- Strengthen any weaknesses identified
- Secure your photocopiers/fax machines if necessary
- Ensure that an appropriate privacy statement is embedded into your website
- Adequately protect any mobile/remote systems
- Assign clear responsibilities and controls for data security
- Backup your data!
Data Protection Act
- Ensure you are aware of your personal responsibilities under the Data Protection Act
- Ensure that ALL forms of data that are used to collect personal information have full disclaimers
- Specify how the data is to be used and how long the retention period is
- Review your key ‘at risk areas’ – adopt a clear desk policy, review computer security, email management, fax management and HR policies
Protecting Mobile Devices
- Have a centralised way of managing mobile data
- Keep a data inventory – know exactly who has the data, where it is and where it is going
- Devices should be encrypted and authenticated – decide what information can be on the device. If it shouldn’t be there, block it!
- Provide user education for employees – explain which devices are authorised and which are not, and explain the risks if an insecure device is used
- Access should be given only to those employees who need it – when they need it
- Devices should be tracked, and that tracking should be monitored
- Data transfers should be restricted
- Implement a security policy that manages all stages of risk assessment and threat from installation to retirement of the devices
Managing Cloud Computing Risk
- Know your provider – make sure they are legitimate and reputable
- Ensure the cloud provider will keep your data secure and confidential
- Have safeguards in place to prevent tampering, leakage or loss of data or service
- Put disaster recovery plans in place to prevent downtime/loss of service – can you get your data back?
- Check the small print in the service supplier’s contract – can you get your data back if you no longer wish to use the cloud provider’s services?
- Ask your cloud provider if they comply with ISO 27001/2 and British Standard 25999 (Business Continuity)
- Consider your obligations under the Data Protection Act – where is the data held?
- Question the cloud provider from the outset of the contract and get written assurances about security and the location of their servers
- Establish a cost model, including the costs to restore deleted data and/or modify applications
- Build the required level of access into the service level agreement (SLA) and understand it
Keeping Safe Online:
Social Media - How to protect yourself:
- Ensure you have a personal firewall and adequate anti-virus protection
- Run software updates when released – (e.g. Windows Updates)
- Use the most up to date version of web browsers – Firefox, IE, Safari
- Enable privacy settings on all of your profiles
- Be cautious about the amount of data you post online
- Use different passwords for each of your profiles
- Always check an “app’s” source before downloading
- Read & understand the security instructions on the site
- Be wary of strangers online
- Do not accept ‘friend’ requests or reply to postings from people you do not know
- Do not post more information about yourself than necessary
- Do not disclose sensitive information or photos/videos that could harm family, friends or employers
- Do not expose your whereabouts unnecessarily, e.g. on TripIt/Facebook etc.
- Do not advertise when you are going on holiday, for example on Facebook
Basic Things To Remember
- Install firewalls onto your IT systems to prevent outside parties from gaining access to your information
- Keep anti-virus and anti-spyware software up to date and download the latest security updates
- Use encryption where possible to protect information contained in emails or stored on laptops or other portable devices such as memory sticks or PDAs
- Destroy old computers, back-up tapes, memory sticks etc. using a specialist shredding application or seek the services of a reputable third party contractor
- Clear out temporary internet files, cache and history files (also monitor third party cookies)
- Use Anti-Malware and firewall systems and keep them up to date
- Use authentication to allow only authorised people through your perimeter
- Establish & Enforce mobile device management for all remote working
- Use data loss prevention technologies to prevent data being leaked, and data destruction policies
- Use encryption to protect your most valuable or sensitive data in addition to strict password policies
- Train your staff in security awareness (safe surfing and recognition of email scams/phishing attacks)
- Implement policies concerning the use of social media and BYOD
- Emails may not be from the person they claim to be from
- Be wary of attachments – they may contain viruses
- Examine links carefully – they may look OK, but are they? For instance, is the letter l in a link to lloydsbank.com actually the number 1 (one) instead? If so, it could take you to a phishing site that looks like your bank’s website but isn’t
- If it looks too good to be true it probably is!
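The lookalike-domain check described above (the letter l swapped for the number 1) can be automated. The following is an added example, not code from the seminar or from any bank; it extracts the hostname from a link, compares it against a list of domains you trust, and flags common character substitutions (1/l, 0/o, rn/m, a few Cyrillic lookalikes) as well as the trick of putting a trusted name in front of an unrelated domain. The substitution table and the sample links are constructed for illustration, and the "registrable domain" is approximated as the last two labels (an assumption that does not handle suffixes such as co.uk).

```python
from urllib.parse import urlsplit

# Constructed table of characters that look like other characters in a browser
# address bar. Assumption: illustrative only, not an exhaustive confusables list.
CONFUSABLES = {
    "rn": "m",          # two letters that read as one
    "vv": "w",
    "1": "l",           # digit one for letter l (the seminar's example)
    "0": "o",
    "5": "s",
    "3": "e",
    "\u0456": "i",      # Cyrillic small i
    "\u043e": "o",      # Cyrillic small o
    "\u0430": "a",      # Cyrillic small a
}


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname of a link, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def skeleton(name: str) -> str:
    """Collapse lookalike characters so visually similar names compare equal."""
    out = name
    # Multi-character substitutions first, so "rn" is handled before single letters.
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        out = out.replace(src, dst)
    return out


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (assumption)."""
    labels = host.split(".")
    return ".".join(labels[-2:])


def check_link(url: str, trusted: set[str]) -> dict:
    """Classify a link as trusted, lookalike or unknown relative to trusted domains."""
    host = hostname_of(url)
    if not host:
        return {"host": host, "verdict": "unknown", "reason": "no hostname"}

    for t in trusted:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == t or host.endswith("." + t):
            return {"host": host, "verdict": "trusted", "reason": f"under {t}"}

    reg = registrable(host)
    for t in trusted:
        # Same shape after collapsing confusables, but not actually the same name.
        if skeleton(reg) == skeleton(t) and reg != t:
            return {"host": host, "verdict": "lookalike",
                    "reason": f"{reg} resembles {t}"}
        # Trusted name used as a subdomain of an unrelated registrable domain.
        if ("." + t + ".") in ("." + host + "."):
            return {"host": host, "verdict": "lookalike",
                    "reason": f"{t} embedded in {host}"}

    return {"host": host, "verdict": "unknown", "reason": "not a known domain"}


if __name__ == "__main__":
    # Constructed sample links for demonstration.
    trusted_domains = {"lloydsbank.com"}
    for link in ["https://www.lloydsbank.com/login",
                 "https://l1oydsbank.com/login",
                 "https://lloydsbank.com.evil.example/",
                 "https://example.org/"]:
        print(check_link(link, trusted_domains))
```

A link that comes back as "lookalike" is the case the tip warns about: the safe response is to type the bank's address yourself rather than follow the link.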
Bank Safely Online
- Consider signing up to security software provided by your bank, such as Trusteer Rapport
- Only access online banking from computers, phones or other devices you trust, over a secure WiFi connection – not the one in the coffee shop!
- Check your bank statement regularly for any unauthorised transactions
- Keep your computer, tablet or mobile’s web browser, operating system and anti-virus up to date and run regular scans
- When logging in, check that the address bar starts with https:// (not just http://) and that a padlock sign is showing – this indicates the connection should be secure
- Banks will never ask for your debit card PIN either online or over the phone