Where on earth do you start to educate your workforce that ‘carelessness costs’? You could begin by taking a look at the server cabinet or behind that formidable bank of desktops.
Is your cabling a dead ringer for Spaghetti Junction? One misconnection and you may be waving goodbye to valuable data by the terabyte.
We should start with the basics. I know you’ll say it’s obvious, but do you have a no-drink rule near your company’s computers to avoid spillages? And are all circuit-breakers and other switches protected from accidental knocks, or from cleaners who think they’re saving you money by switching your PCs off?
Keep your IT room secure at all times
Do you have a spreadsheet of all your office key holders? Are there any times when the IT room is not secure, like when you’re tempted to prop open the door for deliveries and leave the room momentarily unattended and open to all-comers?
Do you visit your company’s data centre regularly? The staff there need to know you care and at the same time you can check up on daily practices. Seeing dedicated data terminals turned into desktop PCs during the lunch break does not bode well for security.
You wouldn’t believe the passwords people dream up…
While you are there, talk to staff about your ‘new password policy’ – you’ve just invented it so now make it real! In a recent survey on passwords, the worst two to come up from among more than two million leaked passwords were ‘123456’ and – would you believe it? – ‘password’!
In fact, different sets of sequenced numbers from 1-10 and the names of popular sports made up the top 10 worst passwords. So encourage your staff to use a password manager, a program that organises and protects passwords and generates new random ones.
A password policy to hoodwink the hackers
Pull together a robust password policy. Go for strong passwords with upper- and lower-case letters, numbers and symbols. Use a separate password for every registered site and change it every 30-60 days. And get a password management system. Anything to throw the hackers off the scent.
Encryption, too, is essential, and if staff don’t take the right precautions, your vigilant IT people can revoke the decryption key used for company data. You can insist that the company retains the encryption keys.
You can also opt for ‘containerisation’, which is a method of separating business apps and data from private users’ own personal data, ensuring your business data stays encrypted.
Perceived ‘speed and convenience’ not the best option
Staff can be blinded by a perceived need for speed and convenience and they will often opt to use email as a direct route. But emails can be hacked routinely, as various News of the World journalists will tell you, so get your staff to think twice before sending sensitive information without encryption.
Instant communication methods now include collaborative web conferences, chatrooms, videoconferencing, Skype and even apps that collect information on people’s spending patterns – providing plenty of places to lurk for the dedicated hacker. The Economist magazine has highlighted the trend towards outsourcing where outside contractors are given access to company systems, yet another potential source of data breach.
It cites content management as one method of monitoring data, organising it and specifying which staff have access to it, though companies have sometimes found it difficult to assign access privileges to specific staff, a task not made any easier by the people in charge often moving on after a year or two.
Monitoring data outflow is key
Another thing to consider is data loss prevention software that detects data being pulled out of your system, or network forensics tools that monitor your whole corporate network and flag suspicious patterns in data movement.
These are the sorts of measures where the digital forensic experts in a corporate intelligence agency such as Blackhawk come into their own. Call them in early and you’ll save yourself time and money in the long run: your detection system will run smoothly without you, or an equally skilled colleague, wasting seriously expensive management and selling time standing over operators with a manual in hand.
Be bold – ban memory sticks and online messaging
But you can also take measures that require no expertise. Why not just ban memory sticks and the use of certain online messaging and chat channels during office hours?
You can stop or drastically reduce your staff’s use of their own devices in company time, and introduce an email-monitoring program for all company computers which will instantly tell you if there has been a data breach – and too much staff time spent ordering private items off Amazon, for instance.
Set out a clear policy on personal internet use and insist staff do not transfer any company data to their home PC – if they press the wrong key they can potentially gift your trade secrets to a competitor or worse.
Find out where your system’s out of date, then dump it
And lastly, if you’re at all worried about any of your hardware or software being out of date, use vulnerability management software to show you which parts of your system are out of date. Then take them offline immediately.
But all this takes time and effort – commodities you probably need in bucketloads post-Brexit. The solution is to go for the professional touch of an agency like Blackhawk, with a tried and tested reputation for results over the past 15 years. Time, money – and health. That’s what you have to think about.