Data security has always been an important topic but in light of recent events it is once again at the forefront with companies trying to be ahead of the curve, and we have broken down how data risk management can be simplified into 5 steps.
Protect Stored Data. There are a range of tools and solutions you should use to protect stored data. Educate users on risks associated with removable media and BYOD. Encrypt all stored data, implement secure firewalls and end point solutions. When storing back up and archived data, organisations should look at secure offline storage. For data that is online, consider using storage media that cannot be overwritten.
Protecting Data in transit. During transmission of data, it is at risk of interception or even modification whilst on route from point A to point B, this includes VoIP communications. Ensure you have taken the correct measures to limit this risk by ensuring all traffic is encrypted using SSL or TLS protocols. With the new GDPR coming in April, more attention will be focused on how you are moving customers/client data and how you are protecting it.
Effective IT Asset removal, transfer or disposal. There are many examples of data backups falling off the back of trucks, sensitive data getting into the wrong hands once it has been donated and client/customer records discarded (and discovered) in bins. Data security is a life cycle management issue so you need to have the correct IT asset management partner. Advance services offers secure tracked collection of IT assets, Asset reporting so you know where all your IT assets are and MoD standard Data destruction tools so you can rest assured your sensitive data isn't getting into the wrong hands.
Protection against data leaks. Regularly reviewing your Data Loss Prevention (DLP) solutions will assist your organisation in determining where the most sensitive data is stored and whether it is trying to escape. Once you have identified this, set out measures to address potential data leaks before they happen. Updating and educating users about proper data handling policies will also be helpful in stopping inadvertent disclosures and leaks.
Ensure the integrity of Software firmware information. Cryptographic hashing is a new powerful tool that enables you to test for data integrity across all file types. It is also essential to review configuration settings regularly to ensure they have not been changed, and security logs are turned on.
Data breaches can not only carry heavy fines from the ICO but also diminishes your organisations reputation. There is no doubt that following these steps will improve you overall data security and ensure your readiness for when the GDPR comes into place. Data security is an ever-changing environment due to technology associated with this so you should reassess your data security measures no less than annually to ensure your measures are up to date.