Laptop security

The Data Journey

With GDPR now in place, what should businesses consider in order to set good policies around data at the different stages in the data journey, such as when it is at rest, in transit, in the cloud? And what will GDPR mean for this?

This blog, from Nigel Crockford, Business Development Manager at IT consultancy and data security specialist eSpida discusses data policies.

Data policies

A good data policy must clearly outline how data will be managed from collection through to storage, with an unambiguous set of procedures detailing how, why and by who. This is necessary for businesses to protect themselves under the new GDPR law. This includes a clear policy on the use of email as a method of storing and moving data.

The proliferation of email has meant that it is far too easy to embed malware into an email that will then sit in an inbox for weeks or even months. Organisations should start to adopt policies that take advantage of instant messaging for general peer to peer communications, to minimise the risk associated with over-reliance on email and email security.

The cloud

When multiple people have access to data, which is often the case with information stored in the cloud, there is a greater concern of loss, amendment or handling without necessary permissions. Businesses must have a procedure in place that not only ensures only authorised people directly handle data, but that every person who may process data in some way does so safely.

Data loss prevention (DLP) solutions help to form good policy to help identify, report and stop the movement of data in and out of your network.

IT security best practice

If a person’s device or computer has access to a system that holds data, any viruses that affect it or hackers that attack it can pose a potential risk to data security. It’s crucial that good IT security practice forms an integral part of business culture.

IT security best practice includes:

  • updating systems
  • upholding policies around patch management to ensure systems are kept up to date and protected against hacking
  • installing antivirus software
  • setting secure passwords
  • using more advanced security solutions such as two factor authentication

The introduction of GDPR has made such policies and best practice even more important.  If you feel your business is vulnerable, an IT consultancy offering IT security solutions and services such as eSpida can help.

/0 Comments/by

Hillgate Travel

Virtualisation project helps Hillgate Travel double business revenue

Read more
/0 Comments/by
Using SMS to prevent Cybercrime

The security threats of 2019

2017 was the year ransomware hit the headlines hard and it seems the threat is also prevalent in 2018.

Security chiefs and CIOs need to be mindful of the risk surrounding their IT systems and data and take a proactive approach to IT security. While we consider today’s attacks, the cyber criminals are 10 steps ahead planning the attacks of the future.

So what are the security threats of 2019 that IT professionals should be paying particular attention to?

We’re only human

Ransomware exploits vulnerabilities and in today’s business environments, these vulnerabilities often occur as a result of human error. For many organisations, the risk of attack lies with a lack of education among employees about how to manage any information they receive and how this information is collected.

The widespread practice of using e-mail in our personal and work lives has made it the instrument of choice for malware attackers. This is because there is an attitude of complacency with regards to receiving e-mails; the sheer volume we receive and send can blind us to the threat of malicious embedded links or attachments that may come from a seemingly innocuous or familiar source.  The same is also true of malicious web pages in browsers, as we saw with the recent Coinhive attack.

Safer business communications

If businesses continue to use mature applications like e-mail to share information and data, then we can expect more businesses to be exploited by Ransomware in the future.

Since e-mails are a top target for malware attacks, we recommend that businesses employ instant messaging tools for business communication. SMS technologies like this are particularly effective against ransomware as they limit what your systems can be exposed to, reducing the risk of attack.

Rectifying a problem after it has struck in not an effective solution.  We must remain proactive and keep cyber crime at bay.

eSpida Limited partners with world leading technical brands such as ForcepointHuawei Enterprise and WatchGuard to provide best in class IT consultancy and IT security solutions.

/0 Comments/by