The importance and volume of business data continue to grow as businesses of all sizes adopt technology. Most businesses would find it difficult to recover from a total loss of their corporate data. Bizcare recommends and implements a multi-layered approach to data security. The traditional approach to data security has been to assume that the biggest threat lies outside the business and to focus on perimeter defences such as firewalls. In fact, many studies have shown that the biggest threat of data loss comes from within the business itself. Good data security requires measures that reduce both internal and external risks.
Measures to Reduce Internal Risk
Password Policies
Passwords are a nuisance. This nuisance value makes them a weak link that is a favorite target for those trying to gain access to your data. We don’t have a way to make passwords more palatable, but we can enforce strong password policies to reduce the risk. Password policies make sure that each password meets minimum length and complexity requirements. Policies can also make sure that the password is changed at regular intervals and not reused.
As a general principle, employees should have the permissions they need to do their job but no more. The obvious reason for this is to restrict access to sensitive data to only those who need it. There is a second, less obvious benefit, though. If a user account is compromised, the damage that can be done with a restricted-access account is confined to those resources that the account has access to. In particular, non-technical staff should not have administrative-level permissions for their day-to-day work. If an individual (e.g. the business owner) wants access to all functions, a separate account should be provided that is only used when that level of access is required.
Patching of the operating system (Windows in most cases) and applications reduces the risk of malware infection. Software is very complex, and over time bugs are discovered that make it possible for malware to gain access to a system. Software vendors respond to these problems by creating security patches for their products and making them freely available. Our Managed IT Services product automates the patching of servers and workstations to reduce the chance of malware infection. Some patches also provide functionality bug fixes, and occasionally feature updates.
Reducing External Threat
Malware Protection
The first line of defence against malware is making sure that all systems are fully patched. However, effective data security requires a multi-layered approach. Some software security problems are discovered and exploited before the developers of the software can respond with a patch to fix the problem. To defend against this, you need anti-malware software on all computers in the network. Bizcare recommends Webroot endpoint protection. We install and manage this product for all of our Managed IT Services clients. Webroot is a cloud-based anti-malware solution that has a very small impact on the performance of servers and workstations. Most importantly, its detection is based on a massive cloud-based database that is constantly updated from millions of endpoints all over the world. This solution does not use the traditional signature file approach that can easily become out of date.
Even with all of the measures above, things will occasionally go wrong. A simple example is an employee mistakenly deleting a whole folder of documents instead of a single spreadsheet. Effective data security must implement a solid backup regime to make sure that systems and data are recoverable.