Cyberattacks are commonplace today. Malware such as viruses, worms and, more recently, ransomware not only corrupts your data or holds it hostage, but also inflicts irreversible damage on your brand and business. As a norm, most businesses these days do invest in anti-virus and maybe a business-class firewall. But is that really enough? The answer is NO, because they often overlook one important aspect: access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.
Always follow a role-based access permission model, meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and the stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.
No matter how good your cybersecurity is, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include-
Reputable vendors regularly issue security updates for software—including on phones and tablets. Old software reaches end-of-life when the vendor will no longer issue patches. Accessing your data from systems with unpatched software leaves you at risk of compromise.
Hardware driver and firmware updates have become as important as software updates to protect against threats. Again, reputable vendors issue regular updates, and equipment will reach an end-of-life as well.
Virtual security is a must, but so is physical security. Though there is only so much that physical access controls can do to keep your data safe in today's BYOD era, don’t overlook this aspect. CCTV cameras, biometric or card-based access to your workspace and server rooms, etc. also have a role to play in data safety from the access perspective.
Papers with sensitive information should never be left unattended, in the open—say in a printer tray or on your desk when you leave your office. Locked drawers, locked file cabinets and safes should be used.
Mobile devices should be encrypted and have strong screen locks that activate on short idle time limits.
Finally, train...train...train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills and refresher trainings, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. Because, at the end of the day, no cybersecurity software is good enough if the best practices related to data access are ignored.