Data is the lifeblood of most businesses, whether that's data about customers, your products, employees or anything else. But what would you do if that data got in to the hands of someone else?
Data loss can come in many ways and we don't want to think that our own employees could be the source of that leak, but whether malicious or accidental, it happens more than you think.
Let's look at how data loss could occur:
We've all used USB sticks to transfer data, or share data with others, but how do you ensure that people don't save information with others that they shouldn't? Or, what if that USB stick gets stolen or lost, how was that data protected.
Ensure you use encryption by default when giving employees USB sticks and have a policy in place that restricts the use of their own USB sticks.
Even with all the computers, devices and cloud storage, we still use physical copies of documents. You need to ensure that any hard copies that contain personal, sensitive or financial information are stored, shared and destroyed of securely and correctly.
More and more of us are using cloud storage to save our data and it is a good solution, it allows access from anywhere, easy sharing and is often backed up. But sometimes that ease of use is the problem. Employees can access the cloud services on personal devices, or share with people they shouldn't.
And sometimes employees might use a personal cloud solution to save company data so they can work from home, but how do you know who has access to that or how secure that service is?
Ensure you educate your employees on what is and what isn't allowed and ensure you choose a secure cloud provider.
When employees access personal email on company systems, it introduces risks. Whether they click on phishing emails that infects your network, or send confidential information to themselves to work at home, this can cause huge problems.
Your employees will have access to a device which is capable of recording audio, taking photos and videos and could be used for malicious purposes. They may innocently take photos or copy data to their device to work on away from the office, but that data could still be lost of stolen.
As you can see, there are many ways in which data can be lost, whether maliciously or accidentally and you need to do the following:
- Educate users on the risks
- Put policies in place to protect your business
- Ensure appropriate controls are in place (such as anti-virus, encryption, etc.)
- Provide encrypted USB sticks and lockable filing cabinets
You don't want to stop your employees from being productive, indeed they should be given some freedom and trust to do the best job they can. If you have too many restrictions in place, you may give yourself more problems.
It's always best to be open and honest with your employees and ensure they have the right tools to do the job, but in a secure way.
Buy our cybersecurity training and toolkit to help stay ahead of the game.