We regularly talk about the need to make sure your systems are secure. However, one item that rarely gets mentioned is the actual data sitting behind your company's network.
Most of the cyber attacks that happen today would encrypt your company data.
Due to the pure reason of the cyber attacks Governements all around the world are looking at tightening up their legislation around data introduction of GDRP in Europe is a pure example of this.
With all the new rules in place you must know exactly where your data is stored, how secure it is and whether it is being backed up or not.
Below is a list of the most common locations for your company data to be stored:
- Cloud Services
10 years ago cloud was a new thing in IT but as things progressed most of the emails are now cloud based e.g. Office 365 and Google Workspace.
Have you actually given it a thought of what information is stored in your inbox? or more importantly in your HR departments inbox? All of that personal information need to be fully secured and safe.
2. Desktop and Laptop Computers
This is the most obvious reason where your data is kept, it is important that you should have some form of encryption in place so that if there is a breach or if the machine gets stolen then the data is useless without the encryption key.
3. On-Premise Servers
Even if you have your data stored in the cloud chances are that some of your data is still stored on your servers onsite. Most probably you or your IT Support Provider would have security software installed on the server but have you actually thought about the physical access of the server? Is the server stored in a server cabinet or just another cabinet, is it under lock and key or anyone can access it?
4. USBs, portable storage and memory cards
Many government agencies have ahad all sorts of breaches due to the use and loss of USB Hard Drives. The best advice which I can offer you is to either restrict the use or ban the the use within your organization completely.
5. 3rd Party Suppliers, contractors and consultants.
It is fairly common for larger organizations to have a quit a few contractors and consultants touching many parts of their data, what is your policy around this?
How are you securiing your data in these sorts of scenarios?
Let's presume you have a cyber security insurance, would that be invalidated if it was discovered that proper security was not in place?
If you would like to find out some of the other locations where your company data may be stored check out our free inforgraphic here