4 Principles of secure data management
Data breaches not only ruin your reputation as a business, but they can also be quite expensive. Under the General Data Protection Regulation (GDPR), you can face heavy fines for failing to keep data safe. Regardless of the size of your business, the security of database management systems is one thing you simply cannot ignore.
With that in mind, we’ve put together a quick list of four key principles to apply to data management. Put these into practice, and your data will be safe from every kind of attack.
Security Of Database Management Systems – Password security
One of the biggest vulnerabilities in any company is the humble password.
Studies show that at least 10% of people rarely change passwords and reuse the same ones constantly. Does your company impose strict password requirements on its users?
Suppose your employee uses the same password for a personal account as they do for their work accounts. Now imagine their personal account information gets leaked. Hackers will try to use that same password on any account associated with that person, and they may get into your data.
The solution is to require regular password changes and enforce rules that keep them from being easily guessed or predicted. A managed IT security service provider can review your current settings and recommend improvements, including reminders or forcing password updates at regular intervals.
Furthermore, we can run scans across all the users on your domain, and advise you of any credentials which have been breached, and which could be used as part of an organised attack. With this level of visibility, you’re able to take action on regularly updating passwords.
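One way to screen a password against breached credentials at the moment a user sets it, shown as an added example (not Atech's tooling and not code from this article). It follows the k-anonymity range-lookup pattern, where only the first five hex characters of the password's SHA-1 digest leave the host; `range_lookup`, the corpus and its breach counts are constructed stand-ins so the block runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus standing in for a breached-password dataset
# (password -> number of times seen in breaches). Values are made up.
CONSTRUCTED_BREACHED = {"Summer2023!": 4812, "password1": 310567, "qwerty123": 98231}
SENT = []  # records everything that would cross the network, for inspection

def sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key, never for storing passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(corpus: dict) -> dict:
    """Index breached hashes as 5-char prefix -> {35-char suffix: count}."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index

RANGE_INDEX = build_range_index(CONSTRUCTED_BREACHED)

def range_lookup(prefix: str) -> dict:
    """Hypothetical stand-in for the remote lookup service: it sees only the prefix."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    SENT.append(prefix)
    return dict(RANGE_INDEX.get(prefix.upper(), {}))

def breach_count(password: str) -> int:
    """Return how often the password appears in the corpus (0 = not found)."""
    digest = sha1_hex(password)
    # The suffix comparison happens locally, so the full hash is never disclosed.
    return range_lookup(digest[:5]).get(digest[5:], 0)

def screen_accounts(candidates: dict) -> dict:
    """Map username -> breach count for every candidate password that is breached."""
    flagged = {}
    for user, password in candidates.items():
        count = breach_count(password)
        if count:
            flagged[user] = count
    return flagged

if __name__ == "__main__":
    print(screen_accounts({"alice": "Summer2023!", "bob": "a-long-unique-passphrase-71"}))
    print("prefixes disclosed:", SENT)
```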
Secure data management depends on using encryption wherever possible. Encryption scrambles the data when it is sent, and it is only decoded when it arrives at its destination. You should have encryption on your local network, on your website, and on mobile devices.
Infiltrators use a technique called packet sniffing to steal unencrypted data. If an intruder is on your network, they may not be able to access a computer directly, but with packet sniffing, they can steal the data as it passes through. However, if it’s encrypted, they won’t be able to make sense of the data.
The weakest link in any data security chain is the human being. People make mistakes, and those mistakes are easily exploited. To protect your data, you need to limit the potential for employees and other users to create problems.
One of the most common attacks is a phishing attack, which tricks people into giving up sensitive information like passwords by pretending to be a legitimate website. This is how Yahoo gave up information on almost 3 billion accounts.
Limiting User Permissions
The first way to accomplish better user management is to limit what users can do. Do all of your employees need access to every file? Creating separate levels of permissions helps to limit the damage one employee can do. If one of your workers falls victim to a phishing attack, limited permissions will limit the problem.
Be mindful to balance mobile productivity needs with compliance and the need to control who accesses what data. User access control does not need to interfere with productivity, and can be tailored to your business’ specific data control requirements. Microsoft’s UAC (User access control) is a powerful way to balance role-based, discretionary, and mandatory access control, whilst ensuring users stay productive in mobile, remote, or office environments. It is a fundamental component of security, and a smart implementation of it will ensure you create a truly scalable, digital workforce, and that anyone in the organisation can work securely from anywhere without compromising data or holding back on productivity.
Some employees will need access to a large amount of sensitive information. The best way to ensure they don’t make mistakes is to train them with realistic simulations. Atech recommends using managed phishing simulation – in other words, fake phishing attacks to see who takes the bait. Any gaps in security awareness are easily remedied once you know where support is needed.
Employee training is also a necessary step any time you add new software or switch platforms. Trust your managed IT security provider to know the software better than anyone, ensuring a safe transition.
Data Backups and Recovery
There is an old maxim in the IT community: data you don’t have three copies of is data you don’t care about. Secure data management is more than stopping thieves; it’s also ensuring that the data itself is safe from hardware problems. Suppose your server were to crash or a hard drive were to fail. What would happen then?
For maximum data security, you want a working copy that you edit and use. Then, you’ll have a local backup of that same file, ideally updated on a regular basis, perhaps nightly. Finally, you need one copy offsite. The offsite copy is crucial. In the event of force majeure, nothing will be lost.
Modern cloud data storage for business is a great way to manage offsite copies and can even be useful for backups as internet transfer speeds continue to rise. Although you could use cloud storage for working files, this means your employees must be online. This makes sense if you have multiple offices or locations and employees need to collaborate.
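A check that the three copies described above (working, local backup, offsite) actually agree, as an added example that is not part of the original article. It assumes the offsite copy is reachable as a mounted or synced directory; the directory names, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds; stands for the article's "nightly" backup interval

def manifest(root: Path) -> dict:
    """Map relative path -> (SHA-256 hex digest, mtime) for every file under root."""
    return {p.relative_to(root).as_posix():
                (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime)
            for p in root.rglob("*") if p.is_file()}

def audit_copies(working: Path, local: Path, offsite: Path, max_age=DAY, now=None) -> list:
    """Return sorted (file, copy, problem) findings; an empty list means all copies agree."""
    now = time.time() if now is None else now
    source = manifest(working)
    findings = []
    for copy_name, root in (("local", local), ("offsite", offsite)):
        copy = manifest(root)
        for rel, (digest, mtime) in source.items():
            if now - mtime < max_age:
                continue  # edited since the last nightly run; the next run should catch it
            if rel not in copy:
                findings.append((rel, copy_name, "missing"))
            elif copy[rel][0] != digest:
                findings.append((rel, copy_name, "mismatch"))
    return sorted(findings)

def build_constructed_tree(base: Path):
    """Constructed sample data: one backup never refreshed, one file absent offsite."""
    working, local, offsite = (base / n for n in ("working", "local", "offsite"))
    for d in (working, local, offsite):
        d.mkdir()
    (working / "ledger.csv").write_text("id,amount\n1,100\n")
    (working / "contracts.txt").write_text("v2 signed\n")
    (local / "ledger.csv").write_text("id,amount\n1,100\n")
    (local / "contracts.txt").write_text("v1 draft\n")
    (offsite / "ledger.csv").write_text("id,amount\n1,100\n")
    return working, local, offsite

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        dirs = build_constructed_tree(Path(tmp))
        # Audit as if two days have passed, so every working file is overdue for backup.
        for finding in audit_copies(*dirs, now=time.time() + 2 * DAY):
            print(finding)
```

Files edited within the last backup interval are skipped rather than flagged, so the audit reports only copies that a completed nightly run should already have refreshed.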
Local Data Management
There are a few rules for data management inside the office. First, important files should not be saved locally on each user’s machine. This is a bad habit that we bring from home into the workplace.
This causes problems because odds are those files are not being backed up. In addition, each employee has their own way of organising things, and consolidating files later can be a hassle. Instead, have a central server where files are accessed and saved.
For backups, you can configure a server to automatically create a duplicate using RAID or software solutions. The same goes for cloud storage. The included software should allow you to determine which folders are uploaded to the cloud automatically, removing the possibility of an error.
Need a managed IT security provider?
We know that businesses with more mature and complex cloud architectures are experiencing faster revenue growth. Cloud-first or hybrid cloud solutions mean greater agility during rapid change, but they also call for working with providers with the right specialisms, and the ability to quickly grasp and align with your business requirements.
We understand the needs of businesses like yours in balancing productivity and security, whilst ensuring your technology investments deliver returns and ongoing optimisation. Whether your data governance challenge is people, process or technology-related, we have the expertise to design and implement innovative solutions. Get in touch with us to arrange a consultation on how you can maintain data governance requirements in an evolving landscape.