Introduction
We regularly talk about cybersecurity and the need to make sure your systems are secure.
However, one item that rarely gets mentioned is the actual data sitting behind your company’s IT systems. The majority of cybersecurity breaches that happen today encrypt corporate data. As more and more breaches happen, governments all around the world are looking to tighten up their legislation on how data is processed and kept secure.
This has already happened in Europe with the introduction of GDPR. Of course, you might not operate in Europe but if you have clients based in Europe the legislation applies to you also. With all their new rules in place, you must know exactly where your company data is located, how it is being secured and if it’s being backed up.
Here’s our list of the most common locations for company data to be stored:
1. Cloud Services
10 years ago, the cloud was new to the IT world, but has rapidly grown in popularity – with the majority of email services becoming cloud based, this is the most common location for all types of company data to be stored. What’s lurking inside your inbox or, more importantly, your HR department? More than likely, they’ll have a lot of sensitive data – all this data needs to stay secure, otherwise you could be in for severe fines.
2. Desktop & Laptop Computers
This is the most obvious location for where data is kept. What’s important is that you have some form of encryption on all devices so that if anything ever goes missing, there is a limited chance of the data being accessed.
3. USBs, Portable Storage and Memory Cards
One of the most common ways for a data breach to occur is through the use and loss of USB drives. The best advice we can give you is to restrict their use. Or, place an all-out ban on the use of USB storage devices within your business. While it’s very practical for transferring files, it’s also very easy to lose, potentially leaving your data vulnerable.
4. On-Premise Servers
Even if you have cloud services on your IT infrastructure, there’s a good chance you also have on-premise servers doing some basic functions. The most common include network file shares, printer servers and directory services.
While you may have software and systems protecting these servers, the question we ask is about physical access. How easy would it be for someone to access these servers physically in your office? Are they locked in a server room, or just in a spare office cupboard? Who has access and what type of procedure do you have in place to gain access to these locations?
5. 3rd Party Suppliers, Contractors and Consultants
It’s fairly common for larger sized business to have a constant flow of suppliers, contractors and consultants touching many aspects of your business. These interactions usually lead to the transfer of data. What’s the company policy on the supply of data to 3rd parties? Do you have an NDA in place? Do you have a questionnaire that’s reviewed by IT to establish what security is in place with these 3rd parties Would a breach invalidate your insurance if it were to be found that the correct security was not in place?
All of these are valid and useful questions to ask yourself, your IT department and your 3rd party supplies to ensure your data is kept secure. If you’d like help determining where your data is stored, reach out to us today.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.