While we all hate having to update them, passwords are the lock and key to keeping your business and data safe. We all know they are important to have, but would yours pass under pressure? When it comes to business security, the reality is that any data big or small is valuable and hackers are keen to get their hands on it. Naturally businesses will find it harder to keep up with security due to there being more risk at stake (compared to a single user). The question is, are your password habits setting your business up to being exposed to an attack? When carrying out a risk assessment, it is important to review your company’s vulnerabilities, including passwords. Here are a few actions that can keep your gates strong and your castle safe.

Educate your employees |

The most essential part of any business are the people behind it. It is essential that your employees know the risks and measures in place to keep your business secure. Educate you team and implement good practices for passwords by regularly updating them and not sharing with other colleagues.

Set up password strength requirements |

This sounds like an obvious point, but there are still companies that don’t enforce password strength requirements. This means that their employees are using passwords that are likely to be weak and risking the chances of a data breach.

Establish a level of access |

Devise a ‘Core Security Policy’, by limiting access to your company’s most delicate information. Designate a selection of people VIP access and only give access to those employees who truly need it. Don’t forget to regularly re-evaluate this, especially if people leave the business!

Set up MFA |

Multi-Factor Authentication (MFA) is a security measure that requires the user to go through more than one method of authentication, before being given access. The point of having MFA is to create a layered defence method, which should make it harder for an unauthorized person to enter.

Keep an eye on your activity |

Monitor your activity across all company accounts with regular activity reports, including the data accessed, when and which user accessed it. If a problem arises you will be able to identify it more easily.

If you have ever lost any of your files before or had your device wiped, you should be familiar with that huge sigh of relief knowing that you have a secure backup. Data loss can happen for many reasons; from spilling a coffee on your computer, to a large-scale data breach. Nevertheless, having an up-to-date copy or a couple of copies of your business data could potentially save your company from disaster. It’s best to think of backing up your business in two parts, local back up and offsite back up.

Cloud |

The current megatrend and future of data security seems to be the use of Cloud based applications, empowering businesses to become more mobile and welcoming BYOD. In short Cloud services allow your business to create an automatic and regulated backup of the system, by storing as many versions of data as your business needs on remote offsite servers. They are an excellent choice for any business looking for an additional source of security when onsite threats or physical disasters strike. Cloud can be easily accessed anywhere through an internet connection, meaning more offices are encouraging their employees to work remotely.

Data Centres |

A data centre houses all of your businesses IT and stores it in a secure location offsite. They must always be running, remaining secure and functional with extensive CCTV covering secure entry and exit points. Data centres can house data for multiple companies at once, this means that they can often have multiple security measures in place to protect the data they handle. Data centres and Cloud usually work simultaneously together, with all Cloud-based services such as SaaS and IaaS being based within data centres.

The OSI Model |

The OSI Model or ‘Seven Layers Model’ was actually first established in the 1970’s when computer networking began. The OSI Model uses seven layers to give an organisation a visual explanation of what is happening within their networking system. It is beneficial for businesses for aiding network managers to narrow down any potential problems on the network. The seven stages of the OSI Model consist of:

7: Application -The layer that is the closest to the end user, such as Google Chrome, Safari or Firefox.

6: Presentation – The preparation or translation of application format to network format.

5: Session – Created to allow computers and servers to speak to each other.

4: Transport – The co-ordination of data being transferred between the end systems and the hosts.

3: Network –Responsible for packet forwarding through different routers.

2: Data Link – The layer using node-to-node data transfer.

1: Physical- The physical representation of the system itself.

If you can understand the method of using the OSI model and the purpose of each of its layers, then you can apply this when identifying which protocols and devices can work simultaneously with each other, especially when new technologies are developed.

PGP Keys

Software engineer Phil Zimmermann created ‘Pretty Good Privacy’ (PGP) back in 1991, but today it is owned by Symantec. PGP Keys work through means of communication such as an email, by using a public key to lock and a private key to unlock a message. A user would take the public key and encrypt a message and send it to a second user, who will take their private key and unlock the message. PGP software adds that extra level of security when sending sensitive information.

Final Words

By reading this blog we hope to have enlightened you on the world of data security and that you will take away a couple of good pointers. Remember that a threat is liable to come from inside your organisation, but always assume you are open to attack by staying on top of your security.

Always assume there is vulnerability. You are never really 100% safe.