Are you asking the right questions to assess the threat your organisation faces from a data breach?
- Organisations usually have firewalls and anti-virus software in place – but this doesn’t mean they are secure
- The government’s advisors at GCHQ recommend that organisations adopt a layered approach to protect their business from hackers or insider threats. The layers you need depend on the risk you face and how much you want to invest. It can be simple and straightforward or more complex
- New data protection regulations (which could cost your organisation up to 4% of its global turnover, if you get it wrong) will put new emphasis on data control. Find out the detail of GDPR here
To understand the risk they face, leaders need to question what is being done beyond anti-virus, accept that this is a business-wide challenge rather than an IT issue, and give it the right priority.
Questions for leaders to ask include:
1. Where is our most sensitive, potentially damaging and most valuable information? Where is every copy of it? (This could be customer information, IP, investment plans, emails between executives . . . and much more). Who has access to it? What special arrangements do we have to protect it? Is access privilege managed (where people have access to only the things they need)?
2. How do we protect our sensitive data when it’s inside - and outside - our perimeter? How is it protected when it’s with our lawyers, accountants, contractors, consultants, etc? How do we stay in control? How do we stop it being seen or shared by unauthorised people, or being made vulnerable by their insufficient security? How can we pull the plug remotely if we need to?
3. Do we KNOW we haven’t already been breached? If something sinister has already evaded outdated security, people often don’t know it’s there until the damage is done. Knowing sooner rather than later can’t turn back the clock, but it does give the chance to limit the damage.
4. How do we protect the multiple devices we all use today (which are called 'endpoints' by the IT world)? Are they a potential weak point of access to our systems and data?
5. What do we do about email security beyond anti-virus? Do we employ tools that strip away anything that’s potentially damaging but still allows safe information through? Technology for this now exists.
6. People will always be our major weakness. How are we educating our people about the risks and dangers we face (so they can avoid them and understand the impact of getting it wrong)? What training do we have in place? How are we monitoring what our people do? What safety nets do we have in place to catch errors? How are we making up for mistakes? What's the plan if things go wrong? How do we stop it happening again?
Lots of organisations have only just started on this journey. Don't be put off if you - or your teams - don't yet have all the answers.
What matters is you're starting to give it more focus. Your business - and your future - may rely on it.
We help innovative and inspiring companies to find the answers to these questions (and more) and assess what information and cyber security arrangements are right for them.
For more information and advice on recommended approaches and technologies that can help, call us on 01296 621121, email our advisors at firstname.lastname@example.org or contact us here.