Cybersecurity and the importance of securing your systems are topics we discuss often. Despite this, the actual data residing in your company’s IT systems is rarely talked about.
Cybersecurity breaches today most often involve encrypted corporate data.
Increasing numbers of breaches are causing governments to tighten up their data protection legislation.
As a result of GDPR, this has already happened in Europe.
Although you might not operate in Europe, if you have clients in Europe, you are also subject to European law. Due to all the new rules in place, you must know where your company’s data is located, how it is secured, and if it is backed up.
We’ve listed the most common locations for company data to be stored here:
1) Cloud services
A decade ago, cloud was a relatively new concept in the IT world, but now it has become so prevalent – with most email services being cloud-based, this is the most common place for company data to be stored. Are you aware of what lurks in your inbox or, more importantly, in the HR department? If you keep a lot of CVs and data on individuals on file, you could get fined severely.
2) Desktop and laptop computers
This is the most obvious place where data is stored. It is important to have encryption on all devices, so that if anything goes missing, there is a limited chance of accessing the data.
3) USBs, portable storage and memory cards
There have been numerous breaches caused by the loss or misuse of USB drives in government agencies. Restricting the use is the best advice we can give you. Or an outright ban on USB storage devices within your company. It’s very convenient for transferring files, but it’s also very easy to lose them.
4) On-premise servers
There is a good chance that you also have on-premise servers performing some basic functions even if you use cloud services. Network file shares, printer servers, and directory services are the most common.
Although you may have great software and systems protecting these servers, we ask about physical access. Is it easy for someone to access these servers physically in your office?
Do they live in a server room or in a spare cupboard in the office? Is there a procedure for accessing these locations and who is responsible for it?
5) 3rd party suppliers, contractors and consultants.
It’s fairly common for larger sized businesses to have a constant flow of suppliers, contractors, and consultants. As a result of these interactions, data is usually transferred. What is the company’s policy on providing data to third parties? Is there an NDA in place? Does IT review a questionnaire to determine what security measures are in place with these third parties?
If the correct security was not in place, would a breach invalidate your insurance policy?
Those are all valid questions, and we don’t want to scaremonger, but with the number of breaches now happening regularly, these types of questions are becoming more common.
You can contact us today to learn more about other locations where your company’s data may be stored and how to protect it.