How to be Secure in the Challenging Business Landscape


Data security is far from a side issue, of interest only to big players. On the contrary, it applies in equal measure to start-ups, small- and medium-sized enterprises, and global consortia. Even though the scale of issues each of these needs to grapple with is completely different, security should be an absolute priority for all. Imagine small, fledgling companies with huge business potential. Such enterprises are at particular risk of data loss, since they tend to focus on achieving sales targets, conquering new markets and defeating the competition, while security issues are often relegated to the sidelines. However, large corporations are not completely immune to data loss and other IT security threats either.

Where should your adventure with IT security services begin? Start with comprehensive risk analysis. Security is not something you put in place just before the deadline and check off as done. It is an ongoing process of improvement. This means you should avoid any rash action, and resist the temptation to try to secure everything at once. You need to perform a thorough analysis of risk related to your activities, and identify potential threats to your own data and the data of your clients. This is an absolute prerequisite if you want to build a comprehensive strategy that will cover all security aspects, design dedicated procedures and policies, and train your staff properly. Your employees are an incredibly important factor in determining whether your security policy succeeds or falls flat on its face.

It is our duty to raise security awareness among staff, especially those in daily contact with sensitive company data or personal information covered by special statutory protection.


A professional approach to data security today rests, for instance, on the principle of limited access. How does this work in practice, and why is it so important? To minimize the risk of data theft or damage (be it deliberate or accidental), it is a good idea to limit the number of people who enjoy access to any given content as much as possible. This requires us to step away from policies that were in use up until recently, and which gave employees a number of access rights and privileges from the very start, without any regard for the actual tasks they were charged with. When it comes to access, we should aim for minimization. What this means in practice is that, to begin with, employees should only be given access rights sufficient for them to do their job. If necessary, these may be later expanded by the administrator.

Access passwords are another important link in the security chain. A good password must be strong, i.e. it should consist of lowercase and uppercase letters, as well as digits, and, as much as possible, avoid using actual words. The best passwords are unique (especially if you use several systems), and frequently changed in unpredictable ways. One of the most common mistakes is the tendency to modify passwords along the lines of ‘2018June,’ ‘2018July,’ ‘2018August,’ and so on. This is usually meant to ensure that they are easier to remember, but it also makes them easier to crack.
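A check for the rotation mistake described above, written as an added example (not code from the article). It runs at password-change time, when the user supplies both the current and the new password, so no plaintext history is stored; the function names and reason strings are assumptions made for illustration.

```python
import re

# Month names and abbreviations; full names come first so that "june" is
# matched whole instead of as "jun" followed by a stray "e".
_MONTH = re.compile(
    r"january|february|march|april|june|july|august|september|october|"
    r"november|december|sept|jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec")


def skeleton(password):
    """Reduce a password to its shape: months and digit runs become tokens."""
    s = _MONTH.sub("\x00", password.lower())   # any month name -> one token
    return re.sub(r"\d+", "\x01", s)           # any digit run  -> one token


def rotation_reason(old, new):
    """Return why `new` is a predictable successor of `old`, or None."""
    if old == new:
        return "identical"
    if skeleton(old) == skeleton(new):
        # '2018June' and '2018July' share the shape <number><month>.
        return "same pattern with a different date or counter"
    if len(old) == len(new) and sum(a != b for a, b in zip(old, new)) == 1:
        return "single-character change"
    return None


if __name__ == "__main__":
    # Constructed sample pairs, including the article's own example.
    for old, new in [("2018June", "2018July"),
                     ("Summer2018!", "Summer2019!"),
                     ("hunterA", "hunterB"),
                     ("correct horse battery", "staple orbit lantern")]:
        print(f"{old!r} -> {new!r}: {rotation_reason(old, new)}")
```

The month matching is a heuristic and will also fire on words that merely contain a month abbreviation, which only makes the check stricter.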

Considering that passwords should never be saved in a search engine, an important question arises: how are we supposed to remember a dozen or several dozen combinations for so many different access rights and systems? This is where advanced technologies come in. A password manager application is a natural solution to problems related to the use of simple passwords designed for many different services and applications. Modern software solutions not only help with remembering passwords for apps and websites, automatically fill in forms and supply credit card data, but also automatically change passwords on your favourite websites.

It’s also worth taking a look at the solutions and IT technologies already on the market, which are designed for data leak prevention (also referred to as data loss prevention – DLP). DLP solutions ensure protection against data loss, and against threats such as data theft malware, hackers and accidental data loss.


Backup: A Modern Remedy to Many Ills

Backing up your data guarantees quick recovery in the event of system failure or hacker attack. Without backup, your resources may be completely or partially lost. However, for backup to be effective and reliable, several basic principles should be borne in mind.

One of the basic rules is known as ‘3-2-1.’ This holds that you should aim to create a minimum of three file copies stored on at least two devices. At least one copy should be kept separately from the rest. Three basic types of backup can be distinguished in terms of scope: full backup (covers all data and entire systems), incremental backup (covers data generated since the last full backup), and differential backup (only covers files modified since the last full backup). An example policy may involve creating a copy of the entire system once a week, followed by daily incremental backups. The copies may be stored for four weeks, for instance, and then overwritten. In fact, there is no single golden rule to guide backup policy for all. Individual clients know their businesses best, and understand which systems are critical for their health; it is up to them to decide which data are particularly important and how frequently they should be backed up.
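The example policy above (weekly full copy, daily incrementals, four-week retention) has a practical catch: deleting everything older than four weeks can remove a full backup that retained incrementals still depend on. The following added example, which is not from the article, computes the restore chain and prunes without orphaning incrementals. It assumes an incremental holds the changes since the previous backup of any kind, and the catalogue dates are constructed.

```python
from datetime import date, timedelta


def build_catalogue(start, days):
    """Constructed catalogue: a full every 7th day, incrementals in between."""
    return [(start + timedelta(days=d), "full" if d % 7 == 0 else "incremental")
            for d in range(days)]


def restore_chain(catalogue, target):
    """Backups needed to restore the state as of `target`, oldest first.

    Assumption: each incremental builds on the previous backup, so the chain
    is the latest full on or before `target` plus every incremental after it.
    """
    usable = sorted(b for b in catalogue if b[0] <= target)
    fulls = [i for i, b in enumerate(usable) if b[1] == "full"]
    if not fulls:
        return []          # no full on or before target: nothing to restore
    return usable[fulls[-1]:]


def prune(catalogue, today, keep_days=28):
    """Apply the retention window without breaking any retained chain.

    The oldest restore point we promise is `today - keep_days`; everything
    from the full backup that anchors that point onwards must be kept.
    """
    cutoff = today - timedelta(days=keep_days)
    anchor = restore_chain(catalogue, cutoff)
    floor = anchor[0][0] if anchor else cutoff
    return [b for b in sorted(catalogue) if b[0] >= floor]


if __name__ == "__main__":
    cat = build_catalogue(date(2024, 1, 7), 42)       # six weeks of backups
    kept = prune(cat, today=date(2024, 2, 17))
    print("oldest kept:", kept[0])                    # a full, not an incremental
    print("restore 2024-01-20 needs:", restore_chain(kept, date(2024, 1, 20)))
```

A restore test against the pruned catalogue, not only the prune itself, is what confirms the oldest promised restore point still works.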

Backup lies at the very core of every well-considered and secure data use and storage policy. Unfortunately, the larger and heavier the system, the longer it will take to copy. Backup copies, depending on the size of the environment, may take many hours to create. This often requires users to suspend the system and look for backup windows, i.e. to schedule times (for server systems, usually at night) when the resources are not in use and may be conveniently copied. Is there a solution to the backup window problem? The inconvenience may easily be eliminated with cutting-edge technologies that quickly dump all system data to a separate disk array. Thus copied, the data may then be used for backup, e.g. they may be further copied to magnetic tapes.

Entrepreneurs who handle data need to take measures to guarantee that they will be adequately protected from accidental or deliberate leak or unauthorized third-party access. To find out more about this issue, and to read up on database security, effective backup and interesting data recovery solutions, take a look at our latest e-book, entitled Data Security and Backup. How to Protect Your Company Against Major Problems.
