Share it with your network!
Help your friends to new knowledge
Among many security experts, the question is no longer if a company will be exposed to a data breach — but when. Here are the security measures you should apply today.
An IT system and the data stored in it is crucial to most businesses — big and small. As more companies increasingly handle business-critical information digitally, the vulnerability and risk of IT attacks and accidents are also increasing. According to a survey by the data security company Symantec, it appears that large companies such as banks are not the only ones subjected to attacks and intrusion. In 2015, three out of five attacks were aimed at smaller companies and two out of five at medium-sized companies in Sweden, the report shows.
For many security experts, the question is no longer if a company will be subjected to an attack — but rather when. And even though intrusions can lead to devastating financial consequences, such as the customer or financial system being locked down, the knowledge about IT security is generally quite weak.
Anders Söderström, CEO of IT security company Sentor in Sweden, gives his eight best tips for securing your data
Analyze
Carry out a risk analysis and take action that is tailored to your business: What data is the most important to protect and what consequences can it have if it disappears or ends up in the wrong hands? Address the greatest risks by developing measures that reduce the likelihood that it will happen, or decrease the frequency for when it occurs.
Update
Make sure to stay up-to-date with software, browsers, computers and mobile phones. This reduces the risk of malicious software such as trojans being installed. Use automatic updates as much as possible.
Backup
Carefully handle your business-critical information and store it in a different physical location. This can be done manually with standalone hard disks that you move or by using software adapted for this.
Segment
Segment your network and place critical systems and databases on one network, and work computers on a different network. This reduces the risk of intrusion into the systems when employees connect their work computers at hotels, airports or cafés and then at the office. Place a firewall between the networks and use it to control which network traffic is permitted to move between them.
Monitor
Just as regular physical alarms can detect if someone has broken into a space, monitoring of networks and logs along with incident management can increase security. There are service providers that monitor logs from networks and systems to detect potential infringements. This enables you to detect and react more quickly to attacks.
Use multiple virus programs
A virus program is not a guarantee against intrusion. Use several that complement each other: one for scanning emails, another for browsing traffic and yet another on the work computers.
Map cloud services
If your company uses cloud services, map out how the supplier works with data protection and integrity and where your information will be located. Also consider what information is placed in the cloud and be aware that you have handed over control to another company.
Educate
Invest in IT security training for your employees to protect important information. Determine and communicate what information is sensitive and how to handle it, such as information that cannot be sent via regular email, but must first be encrypted.