While 95 per cent of us consider cyber security to be important to our businesses, a shocking 45 per cent do not have a formal cyber security strategy. It all starts with the basics, so here are the first five steps towards tighter control over your data security.
- Establish and list what data you have stored – and where
In many cases, valuable company information will exist in multiple locations – from staff computers to services such as Cloud and Dropbox, via laptops, netbooks, desktop computers, disks and memory sticks. Consider, too, data held on social networking sites.
- Prioritise how important different data is
Attach particular importance to information which, if breached, would harm your organisation: account information, customer records, their accounting info, employee data and market insights could all fit this category. Other data losses – email archives, for example – might be deemed inconvenient, rather than “mission threatening”.
- Examine how data is accessed and transferred…
Who has access to what? Are, say, your staff records accessible to fewer individuals than your customer database, as would normally be the case? Is information exchanged by email, streamed online or simply moved around on flash-drives? Do these various types of exchanges occur internally only, or to third parties too?
- …and who can access what online
Online storage services such as Dropbox are exceptionally useful, but you need to know who uses it, for what purpose and how often in order to keep things secure. Determine how many computers, tablets and smartphones are using such services in relation to your data compared – crucially – to how many need to be. Remember: many users will keep up-to-date local copies of your files.
- And finally… tighten up
Once you’ve undertaken the above steps, pinpoint risks in your existing data policy and act accordingly. Limit all data access to the minimum number of personnel. After all, in the age of cyber-security threats, “Need-to-access basis” is the “Need to know basis” of the post–information revolution era.
The IoD has published its latest cyber security report and ‘how to’ guide.
Find out more
IoD members save 5 per cent on policies with our Cyber and Data Risks Insurance provided by Hiscox.
0800 280 0354
Find out more