Russell Richardson are experts in the physical document
realm, offering a range of shredding, archiving, and recycling services, with
confidentiality and security at the core. Many businesses, however, also store
sensitive information online. With cyber attacks increasing in prevalence and
severity, being responsible with your digital documents is just as important as
it is with your physical ones.
Our IT partners at Impelling have a wealth of experience
helping their customers develop robust security strategies, and implementing
solid cyber defences. In this guest blog, they offer up five simple tips any
business can follow to help keep a handle on the security of their digital
documents.
============================
1. Limit employee access
Digital documents can fall into the wrong hands for a number
of reasons, and strict control over which staff can access which documents can
go a long way to prevent it happening. For digital documents to end up in the
wrong hands, typically they'll have taken one of two routes. They'll either
have been stolen by an external third party, or they'll have been handed over
by an employee, either by mistake, or maliciously.
Controls over file access limit the scope of any potential
attack in both these scenarios, and allow you to ringfence the most important
documents in your organisation. The fewer people that can access the file
containing your 11 secret herbs and spices, the less likely they are to leak to
the world.
2. Turn on multifactor authentication
Whether your files are stored in the cloud, on a file
server, or on your desktop, it's likely they're secured with an online account,
whether that's your Microsoft account, your iCloud, your Dropbox or similar.
If that account is secured with a single factor, i.e. just your password,
you're at much greater risk from hacking attempts than accounts secured with
two-factor or multi-factor authentication.
If you're not familiar with multi-factor authentication,
it's the extra step where you have to whip out your phone and approve a login,
or sometimes enter a six-digit code. Yes, it's an extra step when you need to
log in, and yes, that might slow you down, but the trade-off is vastly increased
security. Microsoft claim that accounts secured with multi-factor
authentication are 99% less likely to be compromised. So, if you've got digital
documents you want to keep secure, turn on your MFA, or better yet, get your IT
company to do it for you!
3. Backups
Having backups won't stop your documents falling into the
wrong hands, but it can be a vital safeguarding measure against hacking,
malicious intent, or accidental deletion of files. Recently we've seen the
Royal Mail, NHS, and Capita fall victim to ransomware attacks - sophisticated
cyber attacks that encrypt files, locking employees out. In these scenarios,
without a backup, you really are held to ransom. A good backup solution, on the
other hand, can allow you to continue business operations in the event of a
ransomware attack with minimal disruption.
It's crucial to ensure a backup solution has you covered for
every eventuality, and doing that can be a tricky task. We recommend consulting
an expert when it comes to implementing a solid backup and recovery strategy
for your business.
4. Data controls
Digital documents can be copied very easily. It's as simple
as dragging a file into an email and hitting send, and then all of a sudden
you have two copies of the same file, containing the same data, at different
locations. Sometimes it's necessary to share sensitive information with third
parties. You might be developing a new top-secret product with an external
consultant, and need to share documents as part of the process. But, if you're
emailing files back and forth, how can you keep track of those files? How do
you know further copies haven't been made, and sent elsewhere?
Data controls can help mitigate this problem, and help a
business keep tabs on how far and wide the information it shares goes. Now,
this is a big and complex topic, and there's no silver-bullet solution
that's going to comprehensively prevent data being copied. But there are a
number of ringfences and safeguards you can put in place that go a long way
towards keeping data safe. If you'd like to understand more on this topic,
get in touch with Impelling, who'll be able to explain more.
5. Training, accreditation and testing
Technical blocks, checks, and safeguards like the ones
listed above are a great start, but we can't forget the fact that we're all
human. A large number of cyber attacks rely on an element of "social engineering":
manipulating people into handing over passwords, sending a file to the wrong
place, and so on. It's also just human nature to make mistakes sometimes, and
accidental file deletions happen all the time (another reason backups are
important!).
To combat our inherent tendency to be manipulated or make
mistakes, we advise cyber security training, so that staff are aware of the
risks, know how to spot potential threats, and know how to act on them should
they occur. Training can be taken a step further with accreditations like Cyber
Essentials, which are designed to ensure your organisation and staff operate at
a certain standard when it comes to security. Beyond that, we also recommend
your staff's response is tested, through fake phishing campaigns or similar,
much like you might practise a fire drill.