With so many potential vulnerabilities in every business IT system, there is no “silver bullet” – no single safety measure that will let you sit back and relax, knowing your IT is safe and data is secure.
Most of the risks are ongoing and constantly changing. They need an active approach to stop your business falling victim to a data breach or malicious cyber-attack.
It would take a lot more space than is available in this newsletter to talk about all the risks you face.
So instead, we can talk about two of the most important things you can do to stay safe.
Make sure your team only has access to the data it needs
Keep an eye on who has access to what and whether they need it.
The more people have access to sensitive data, the more potential routes there are for the wrong people to get access to it.
If you give everybody access to everything, all it will take is for one account to become compromised.
And before you know it, criminals armed with malware will have access to your systems.
Just as important as this is how you manage the IT accounts of people who leave the business or change jobs internally.
For example, if an employee switches from accounting to a management job in a completely different part of the business, they probably won’t need to keep access to all the data they needed for their last role. Failing to adjust permissions only adds to your level of risk. When people leave your business, you must immediately restrict their access to your systems and data. Implement appropriate policies and processes to reduce the risk of something slipping through.
Keep your devices secure
Another important thing to watch out for is how frequently you’re installing updates on devices. This includes tablets and phones as well as computers. They must all be kept updated with the latest security patches. All it takes is one weak link for your whole business to potentially be compromised.
Make sure that you replace old devices that are no longer getting updates, or can’t support the latest versions of software. And of course, it’s also important to make sure that all devices are backed up in real time.
Consider computer and mobile device encryption. It turns the data into unreadable garbage if the wrong person gets hold of your device.