Six tips for reviewing your system and data security
System and data security are based on three things: confidentiality, integrity and availability. With the updated Data Protection Act and GDPR having a huge impact on how organisations treat and manage their data, security is at the forefront of everyone’s minds.
There is even more focus on the action that the ICO has taken. Recent posts describe fines of £100,000 for computer networks that were not secure and became the target of a cyber-attack.
So how can you make sure that your systems are secure? If you are new to this topic, here are six tips and associated resources you can use to find out more:
Requiring login credentials decreases the likelihood of an intruder on your network. Getting passwords right will have a big impact on the success of this step. So, one big tip: do not use dictionary words in your password. A dictionary attack is an easy and common way to guess passwords. It involves running through a list of dictionary words, names, locations and popular phrases until the password has been identified. Instead, use a combination of random letters, numbers and symbols to protect your systems from external threats.
Remember though, don’t stop there. It has been reported that 42% of threats come from employees, so keep your login credentials to yourself and don’t share them.
Network – Firewall, antivirus, IDS & IPS
It’s important to secure your network – you can do that by making sure these systems are set up correctly. First of all though, you really need to know what they do. Here’s a quick overview:
- Firewalls inspect every data packet coming in before allowing it onto the network.
- Antivirus software uses registered software signatures and heuristics to check the authenticity of the software.
- Intrusion detection systems monitor data passing through a network; if an intrusion takes place, it is reported. Intrusion detection systems work hand in hand with:
- Intrusion prevention systems that will then prevent any more packets from entering the network.
Patching takes place when a vulnerability is identified, usually in newly released software, and patches are released as updates. We have probably all seen an update alert and clicked ‘remind me later’ at some point because we are too busy to install it immediately. When security flaws are found, it is important to make sure you are not open to the attacks that may come with them, so make time for those updates.
Data encryption is of huge importance, particularly if you have data management systems. Your clients rely on having a trustworthy and secure organisation taking care of their data, even more so when dealing with sensitive data. So, is your data encrypted at rest and in transit? Are your passwords hashed and salted?
We are all aware that a lot of security threats come from the World Wide Web. So here are four precautions you can take to make you a little less vulnerable and keep your data more private. These are based on Chrome but you can find tips for other browsers using a search engine:
- Disable third party cookies
- Disable tracking
- Block pop-ups
- Set your browser not to open “safe files” by default
Lastly, the key to it all: the people. Having the right values instilled in your employees will make a dramatic difference to compliance. Make sure there is an awareness of the importance of security. Whether it’s taking responsibility or just engaging in the correct practices, security belongs to everyone and we all have our part to play.
Getting your system and data security right is a big part of becoming GDPR compliant. We work with many clients on projects relating to GDPR compliance.
Get in touch if you’d like to talk more about how we might help you.