Six tips for reviewing your system and data security

by Rhien Salgado-Jones on 18th July 2018

Digital Security and Data Protection

System and data security are based on three things: confidentiality, integrity and availability. With the updated Data Protection Act and GDPR having a huge impact on how organisations treat and manage their data, security is at the forefront of everyone’s minds.

There is even more focus on the action that the ICO have taken. Recent posts describe fines of £100,000 for computer networks that were not secure and became the target of a cyber-attack.

So how can you make sure that your systems are secure? If you are new to this topic, here are six tips and associated resources you can use to find out more:

User Authentication

By using login credentials, you can decrease the likelihood that you have an intruder on your network. Getting passwords right will have a big impact on the success of this step. So, one big tip – do not use dictionary words in your password. A dictionary attack is an easy and common form of attack. It involves running through a list of dictionary words, names, locations and popular phrases until the password has been identified. Instead, try using a combination of random letters, numbers and symbols to protect your systems from external threats.

Remember though – don’t stop there. It has been reported that 42% of threats come from employees, so keep your login credentials to yourself – don’t share them.

Network – Firewall, antivirus, IDS & IPS

It’s important to secure your network – you can do that by making sure these systems are set up correctly. First of all though, you really need to know what they do. Here’s a quick overview:

Patching

Patching takes place when a vulnerability is identified, usually in newly released software, and patches are released as updates. We have probably all seen an update alert and clicked ‘remind me later’ at some point because we are too busy to install them immediately. When security flaws are found, it is important to make sure you are not open to the attacks that may come with them, so make time for those updates.

Encrypt Data

Data encryption is of huge importance, particularly if you have data management systems. Your clients rely on having a trustworthy and secure organisation taking care of their data, even more so when dealing with sensitive data. So, is your data encrypted at rest and in transit? Are your passwords hashed and salted?
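As an added example (not part of the original post), this Python code combines the two password points above: it rejects passwords built on dictionary words, as in the User Authentication tip, and stores accepted passwords salted and hashed. The wordlist, substitution table, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample wordlist (words, names, locations, phrases); a real
# deployment would load a much larger list of known and breached passwords.
WORDLIST = {"password", "dragon", "london", "letmein", "rhiannon", "summer"}
# Common character substitutions folded back to letters: 0->o, 1->i, 3->e, ...
LEET = str.maketrans("0134578@$!", "oieastbasi")
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def dictionary_hit(password):
    """Return the wordlist entry the password is built on, or None."""
    folded = password.lower().translate(LEET)
    core = re.sub(r"[^a-z]", "", folded)  # drop leftover digits and symbols
    for word in sorted(WORDLIST):
        if word in core:
            return word
    return None


def hash_password(password, salt=None):
    """Derive a slow hash with a per-password random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def register(password):
    """Reject dictionary-based passwords; return (salt, digest) to store."""
    hit = dictionary_hit(password)
    if hit:
        raise ValueError(f"password is based on the dictionary word {hit!r}")
    return hash_password(password)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2018!", "L0nd0n!", "k7#Qz!mV2x@pL9"):
        print(candidate, "->", dictionary_hit(candidate) or "accepted")
```

Only the salt and digest are stored, never the password itself, and because each salt is random, two users with the same password end up with different stored values.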

Browser settings

We are all aware that a lot of security threats come from the World Wide Web. So here are four precautions you can take to make you a little less vulnerable and keep your data more private. These are based on Chrome but you can find tips for other browsers using a search engine:

Culture

Lastly, the key to it all – the people. Having the right values instilled in your employees will make a dramatic difference to compliance. Make sure there is an awareness of the importance of security. Whether it’s taking responsibility or just engaging in the correct practices, security belongs to everyone and we all have our part to play.

Getting your system and data security right is a big part of becoming GDPR compliant. We work with many clients on projects relating to GDPR compliance.

There’s an overview of the different ways we can help you and the various GDPR-related resources we have available here. We also have a GDPR-related blog series here that you can use as a resource.

Get in touch if you’d like to talk more about how we might help you.