IT Security Advice
Technology is interwoven into the workings of most organisations and it is essential that your systems and data are secure in order to protect your business.
IT Security can be split down into two main areas – Physical Security and Logical Security.
Laptops and Smartphones:
Portable devices such as laptops and smart phone are particularly vulnerable to theft and loss. Smartphones like the iPhone or Blackberry are really small networked computers. They run programs and can store thousands of documents in memory. If stolen, an unsecured smartphone could grant access to your private information, email correspondence, address books all of which could be used by fraudsters for identity theft and cause business disruption.
A recent survey found that more than 900 laptops a week go missing at Heathrow airport alone and more than 60,000 hand-held devices (including blackberry’s and iphones) were left in London black cabs in the last six months. General recommendations to prevent loss include:-
- Secure your laptop with a cable locks – Most laptops have a built in slot to connect a lock.
- If you must leave your laptop in a car, stow your bag in the boot before you reach your destination, so potential thieves don’t see you.
- Ensure your laptops and smartphone require a user password to log on to the computer and preferably laptop data should be encrypted.
- Ensure your IT support team know how to wipe your smartphone remotely if the device is lost.
- Make sure your smart phone is protected by a password which automatically locks the device when it is not active.
- Mark all valuable IT equipment with security tags.
Portable storage devices like small external hard disks, USB drives, or even an iPod are very easy to lose, or to steal. If the drive contains confidential data, a missing drive can be a serious data protection breach problem.
Some tips for USB drive security
- Only use USB flash drives for transferring data, don’t use it as a means of permanent data storage;
- If the data being held on USB drives is confidential ensure the device is encrypted.
Logical security consists of the software safeguards to protect data and information from internal and external threat. The level of security required will depend on the nature of the data being held and the risk of the loss of that data.
A bank obviously needs to have much more sophisticated systems to protect its data than a small manufacturing company. Every organisation needs to ask itself questions such as:-
- Can my staff access sensitive company information such as payroll or accounts?
- Is the company network secure from outside hackers?
- Would you know if data and information had been leaked or stolen?
The basic recommendations for business are:-
- Ensure all staff login to your systems with a strong password which is regularly changed.
- Always lock your computer screen when you are away from your computer.
- Install a firewall to protect your network from outside attacks.
- Ensure your anti-virus software is running on every PC and that it is fully up to date.
- Regularly update your servers and pc’s with the latest security patches to prevent attacks.
- Check backups daily and always keep a backup copy offsite in case of a disaster.
As well as being Managing Director at KS Services. Paul Kelt is a qualified Information Security Auditor and the former Head of IT Audit at AMEC plc.
To find out more about System and Data Security call 01274 772244 or click here.