Why is data security important?

The risks

A breach of your data can have a number of negative effects on a user. Firstly, it can result in a lot of stress. Secondly, a data breach, or a failure to comply with GDPR, could cause you or your company to lose money. In 2020, IBM calculated the average cost of a data breach; it was roughly 2.84 million pounds. Additionally, vulnerable data security can also cause you to lose customers – which inevitably costs your company even more money.

As well as the financial ramifications, your data could be at risk of being misused. Often, scammers will ‘phish’ for personal data in order to access a bank account or to steal your identity. There is a plethora of malicious actions that can be taken once the wrong people have access to sensitive information, and that’s precisely why we emphasize that keeping your data secure is so important.

What causes a data breach?

(Image credit: IBM / Ponemon Institute)

Data breaches in the news

From the outside looking in, data breaches can be both shocking and comical. It’s surprising how some of the biggest, well-known organisations get it wrong. However, the bigger the organisation, the more data they probably hold, which makes them an enticing target.

Yahoo: This large web provider experienced several data hacks between 2013 and 2016, culminating in a total of 3,000,000,000 accounts being impacted. As a result, the names, email addresses, telephone numbers and DOBs of more than 500 million users were leaked on the internet.

Facebook: In what was one of the biggest data blunders in history, corporate giant Facebook had hundreds of millions of its accounts hacked. Around 540,000,000 users were affected by this attack, with more than 146 gigabytes of personal data being uploaded to Amazon’s cloud computing service. Occurring back in 2019, this data breach exposed users’ names, IDs and details about their comments and post reactions.

Sina Weibo: In March of 2020, China’s popular social platform, Sina Weibo, had 538,000,000 accounts hacked. The details of millions of user names, gender, locations and phone numbers were posted for sale on the dark web.

Legislation

There is another good reason why you want to keep your customers’ data private: GDPR. Not complying with government legislation is the reason why companies get charged extortionate fees, but, along with the loss of money, businesses which break this agreement will inevitably lose customer trust. As a result, even if a data security issue is resolved, the residual effect that it has on your brand can be a death sentence.

If you want to know how Green Machine complies with government regulations, you can find this information on our privacy policy page: Privacy Policy – (greenmachinecomputers.com)


What are the biggest threats to your data?

  • Accidental exposure by an employee
  • Phishing and other forms of scams
  • Malicious user
  • Ransomware
  • Cloud misconfiguration
  • Physical security is compromised

“The best defense is a good offense”

Jack Dempsey

Physical security measures


CCTV

This is probably the most obvious solution to securing your data, although it often gets missed out. Any device that contains sensitive data should be covered by cameras. This way, if there is a physical threat to the integrity of your data, you can look through the footage to find the culprit.

All too often, I have seen companies whose CCTV is not operational, does not cover all areas, or is of a poor quality. As a result, this can make it very difficult to investigate an issue (should you have one).

Fire preventative measures

It goes without saying that if your premises were to burst into flame, any data inside would be at risk of being lost. It’s recommended that any data servers are protected by fire-suppression methods. However, you cannot rely on one physical storage area for your data – we suggest that you back it up (preferably in several different areas/cloud solutions) just in case.

Conduct periodic data audits

The best preventative action against loss of data is to conduct regular data audits. There are many organisations which can perform your audit for you (sometimes an outside pair of eyes helps); alternatively, you can conduct an audit yourself. The essential steps needed for a data audit are:

  1. Map out where your data is and how it is stored across your network, including any stakeholders etc. who can access data from outside of the company location
  2. Evaluate the quality of the data you have. Edit or delete where necessary
  3. Similarly, you should check that the data has the accuracy, scope and consistency needed for your organisation
  4. Assess authorised access rules and compliance
  5. Ensure all sensitive data is encrypted
  6. Check that you can restore your data from your back-up source

Educate your employees on best practices

Accidental or not, a large portion of data breaches come from employees. By educating your staff on the importance of data security (and the appropriate measures to take to keep your data secure), you will significantly decrease your chances of a data breach.

We explain the ramifications of lost data to our staff to emphasize the importance of complying with regulations. We believe that it helps to show employees why we do this, before letting them know how to reduce their chances of getting ‘caught out’.

Passwords: Ensure that staff are using secure passwords, and that they change their passwords regularly. Similarly, your staff should be trained on how to create a strong password.

Watch our video on creating strong passwords: Green Machine Computers – YouTube

Scam threats: Knowledge is key in avoiding a data disaster. We highly recommend educating your employees on phishing emails and other forms of scams. After that, they will be able to recognise a potential threat and won’t be likely to fall for the usual scams.

Top tip: Do not reply to any suspected phishing emails, as this will show the sender that your account is active, and you’ll be more likely to receive these types of communications in the future.


Technical security measures

Access rights

It is good practice for organisations to limit the amount of data that each user can access based on their role. If their job doesn’t require access to this information, don’t give it to them. This will limit the number of users that can see, edit, or tamper with private data. Most businesses nowadays use a tier-based system, where the people at the top are authorised to see all or most of the data, and the people at the bottom have very limited access.

Authentication

Provide your users with a form of authentication to prevent malicious attacks. This might be a password, a 2-step verification process, fingerprint or facial recognition. These forms of security greatly reduce an attacker’s ability to access a user’s account.

Moreover, it is not just your employees you want to verify. Your customers may not always be genuine, and so I advise adding a CAPTCHA to your payment page to weed out some of the potential threats to your site.

Firewalls

There are many out there to choose from, but essentially a firewall will prevent unauthorised access to your network or computer systems.

If you are looking for referrals, we recommend Microsoft’s Defender firewall or BullGuard, as these are systems we have in place in our offices.

Back-ups

All too often, we have a customer call us up to help retrieve their lost data. Unfortunately, unless you have your data backed up, it is often impossible to recover. If your drives fail, the information stored inside cannot be restored. That is why it is so vital that users save their important data in several places. Therefore, we recommend saving your data in at least 3 places (whether that be external storage devices, cloud solutions, or something else).

Encryption

Using a piece of software, you can scramble your data at a coding level. This type of software jumbles all your information, making it nearly impossible to read until it is safely decrypted with the correct key when the information is needed. This tactic is very successful in preventing data hacks and is a good practice for any sensitive data.

At Green Machine, we encrypt all of our private data as one of the forms of protection against malicious attacks and physical loss.

Masking

Data masking is a process in which you create an almost identical, but inauthentic, version of your data. You might use this method if your data appears on third-party sites (where you no longer have control of it), or if you want to test your system without risking the integrity of your original data.
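
A sketch of masking applied to a customer record, as an added example that is not part of the original article. The field names, replacement name lists and key are assumptions made for illustration; a keyed hash is used so that the same customer always masks to the same stand-in, which keeps test data consistent across tables.

```python
import hashlib
import hmac

# Assumption: the real key is stored outside the test environment; this is a constructed sample.
MASKING_KEY = b"constructed-sample-key"
FIRST_NAMES = ["Alex", "Sam", "Jo", "Chris", "Pat", "Robin", "Lee", "Morgan"]
SURNAMES = ["Taylor", "Brown", "Wilson", "Evans", "Walker", "Hughes", "Green", "Hall"]


def _digest(field: str, value: str) -> bytes:
    """Keyed one-way hash: the same input always yields the same output."""
    return hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()


def mask_name(name: str) -> str:
    """Swap the real name for a stand-in picked from the fixed lists."""
    d = _digest("name", name.lower())
    return f"{FIRST_NAMES[d[0] % len(FIRST_NAMES)]} {SURNAMES[d[1] % len(SURNAMES)]}"


def mask_email(email: str) -> str:
    """Keep a valid email shape, but use the reserved example.com domain."""
    return f"user{_digest('email', email.lower()).hex()[:10]}@example.com"


def mask_phone(phone: str) -> str:
    """Replace every digit; keep spacing and punctuation so layout checks still pass."""
    stream = iter(_digest("phone", phone).hex())
    return "".join(str(int(next(stream), 16) % 10) if c.isdigit() else c for c in phone)


def mask_record(record: dict) -> dict:
    """Return a copy with personal fields masked; other fields (e.g. id) are untouched."""
    return {**record,
            "name": mask_name(record["name"]),
            "email": mask_email(record["email"]),
            "phone": mask_phone(record["phone"])}


if __name__ == "__main__":
    # Constructed sample record, not real customer data.
    sample = {"id": 1, "name": "Sample Person",
              "email": "sample.person@invalid.test", "phone": "01234 567890"}
    print(mask_record(sample))
```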


How does Green Machine handle my data?

  • When we receive a collection of IT equipment, the first thing we do is remove the internal hard drive, log it into our system, and then lock it into a secure cabinet.
  • While one team member logs the details of all of the hardware, another colleague wipes the drives; this is done in a locked room with limited access to only authorised personnel (it is also under 24/7 CCTV coverage).
  • We store any personal data on a 2-factor-verified cloud-based system on a secure website. In addition, the odd piece of paperwork that we have gets filed in a locked cabinet; it is archived periodically and any historic data which we no longer require gets shredded.

The privacy of your data is our top priority. Therefore, we conduct regular data audits and have a secure action plan in place in case our data is lost/destroyed and needs restoring.

If you would like any more information about how Green Machine protects and destroys your data, please get in touch with us at info@greenmachinecomputers.com
