How to minimize the risk of cyber attacks and data breaches
The statistics released by the Federal Criminal Police Office of Germany show the sad reality of more than 108,000 registered cases with a clear-up rate of only 32 percent for 2020. Now if you think this only concerns less technically oriented SMEs, you're mistaken. Even large companies from all industries and well-known institutions have already fallen victim to hackers: the German government, a university hospital in North Rhine-Westphalia, several research facilities in the EU, and even Facebook have joined this inglorious list.
Do you want to spare your company from the same fate? Then take care of your data security! In this article, we'll tell you how you can benefit greatly even from small changes.
Data security in the company
How best to tackle corporate data security
So, you want to improve the security of your company, especially with regard to data? Then you should start by dealing with these two questions:
- What do I want to protect?
- What risks do I want to analyze, and how do I want to guard against them?
To identify the risks, you should work your way from the outside to the inside:
- Then check the software you're using, from the firewall and WiFi through to the various (Windows) computers.
- Last but not least, identify the potential threats posed by your employees. This is perhaps the most difficult task, as cyber attacks and data leaks within the company are usually impossible to prevent.
Collect your individual answers as the basis for your security strategy. Security experts have also come up with clear recommendations for improving data security for companies of any size, from SMEs to big corporations:
- Update your software regularly: operating systems, drivers, smartphones and IoT devices should always be up to date.
- When a piece of software reaches the end of its life, don't leave the resulting security gaps open: upgrade the system concerned.
- Thoroughly check the cloud or web software provider you trust with your data. This particularly applies to companies based in third countries like the USA. You should only upload confidential information in encrypted form. We're talking about the possibility of economic espionage here.
- If necessary, consult external experts. They can perform penetration tests on your systems and identify potential for improvement.
In matters of data security, you should always involve your employees at all levels. Passwords, in particular, pose a great risk that you can minimize. Your employees should ideally use a different password for every application, preferably one that is as long as possible. Password managers are a great option to help your staff with the daily juggling of their various passwords and to increase acceptance of this practice. They store the login data securely in a container that is "unlocked" with a master password, so your employees only have to remember one password.
Work digitally at home – create a secure home office
In the course of the Covid-19 pandemic, many companies have ordered their employees to work from home. While this means a gain in freedom and flexibility for some, others feel increasingly under pressure. When it comes to data security, that pressure applies to everyone working remotely, as they have to deal with the "insecure" environment at home on their own. There are various reasons for this:
- Third parties (family, friends, visitors) might view internal documents and data they are not legally allowed to access.
- The home WiFi router is only rarely updated or maintained, if at all.
- With no colleagues or IT specialists around, people are often much more hesitant to check with the company if they receive what could be a phishing mail.
To ensure data security for remote working, you need to cultivate a sense of responsibility and awareness among your employees:
- Sensitize your employees to this topic.
- Prepare them for the potential threats posed by cyber attacks.
- Provide them with clear guidance on how to handle information, applications and devices.
Ideally, provide your employees with enterprise computers so that they don't access the company's network with their own "insecure" notebooks.
Mobile first? The pitfalls of mobile working
"Bring Your Own Device (BYOD)" is a common trend that many companies have been following in recent years. It means that employees use their own personal devices for work. This is quite a risky approach to the processing of company data, as non-specialists hardly ever know which apps and programs access confidential information. The same applies to enterprise devices that have been approved for private use. Companies that can't or won't switch to business smartphones, tablets and notebooks might want to look into offers for mobile device management (MDM) systems. These can be used to segregate private data and software from business-relevant data and software. With MDM, enterprise applications will only run inside containers on the device, which greatly increases data security.
Regardless of whether your employees are using their own or enterprise devices, you should keep in mind the three most important factors for data security:
- Make sure all your software is up to date, be it operating systems, apps or security software.
- Always use the latest WiFi encryption system and a modern router.
- You should also set up a VPN connection (tunnel) for external access to your enterprise network.
As it's always better to be safe than sorry, companies of any size should proactively deal with the issue of data security, and not wait for a cyber attack or other security breach to happen first.