Data security is at the top of many businesses’ agenda right now due to the increase in home and remote working. Here’s Chris Barr, CT’s technical director, with a handy guide

What is data security?

Data security refers to the process of protecting data from being accessed without permission, and from data corruption throughout its lifecycle. A data breach can be a significant issue for most organisations, and for the people involved, if personal data is compromised. Not only are there immediate cost implications, there’s also the potential loss of revenue in the future as customers lose faith in an organisation.

Why is data security important?

Any information your business stores digitally needs to be properly protected. From financial information to contact details for staff and customers, data usage in the UK is protected by law.

As well as this, it can benefit your business in many ways. This includes:

  • Helping to reduce the number of data breaches your business can suffer
  • Helping to prevent loss of revenue
  • Helping to protect customers’ privacy
  • Supports your business’s code of ethics
  • Gives you a competitive advantage over competitors
  • What is data security management?
  • Data security management is the effective oversight and management of a business’s data to ensure it is not accessed or corrupted by unauthorised users.
  • A data security management plan includes planning, implementation of the plan, and verification and updating of the plan’s components.

What is data security in cloud computing?

The convenience of anytime, anywhere data availability makes the cloud a compelling alternative to a traditional data centre.

It’s important when considering moving data and systems to cloud platforms that, by making it easier for staff to log-in from anywhere and any device, the internet-facing ‘surface area’ of an organisation’s infrastructure is significantly increased and it’s then easier for compromised credentials to be exploited to access data.

Key causes of data breaches:

  1. Weak or stolen credentials

Basic controls such as account lockout on multiple failed log-in attempts and user training on appropriate passwords are recommended. Multi-factor authentication prevented 99.9 per cent of breaches Microsoft saw in 2019.

  1. Application vulnerabilities

Keep software – especially servers connected to the internet and users’ PCs – up to date.

The recent flaw identified in Exchange server patched in March 2021 allowed anonymous connections to an Exchange server to download mailboxes and run commands remotely.

  1. Malware

Malicious software can be used to create a backdoor or log user activity – ensure all devices are running an antivirus solution.

  1. Staff error

Increasingly complex security solutions can protect against hackers, who try to deceive users into volunteering passwords or to install software. Running regular training and simulation sessions will keep your staff up to date.

  1. Lost devices

Data can end up being stored on portable devices such as laptops and phones. Using an encryption tool gives peace of mind that data is protected if a device is lost or stolen and can’t be accessed without the device password.

Contact CT – call 01246 266130 or visit www.ct.uk