Having been involved in the field of Technology and IT Security, we have realized that one of the greatest threats to this ever-evolving field is that of security of online content. We have read of numerous case studies of how information stored on an organization’s network servers got destroyed or fell in wrong hands altogether. Companies have been held at ransom, uprisings have occurred in companies where confidential information has ended up in the hands of the general workers. As a result of data security threats, many have developed a phobia of computers to the extent that even if you would donate a computer they would be reluctant to do anything meaningful.
To stop such incidents, here are top 9 Security Considerations you should follow to improve data security at workplace. We have included different types of security data measures. Read On!
1. Physical Security –
You can enhance access to your office block or anywhere where there are computers by ensuring that you have a physical guard in the form of people who inspect equipment at the points of entry and exit into the organization. Physical security includes burglar bars on all windows, door screens that are lockable for all doors. This is the first deterrent that anyone seeking to steal a laptop, or any electronic devices would face. Employees can participate in the security of their equipment by holding each other accountable for their movements and actions. It is also important to remove access to the network hubs by locking the active equipment in those cabinets. Restricted areas should have access control cards or be able to detect fingerprints. Hence, you fortify data security at physical level.
2. Passwords/Passphrases –
One common way to ensure the security of corporate data is the effective use of passwords. A password is a secret code that one needs in order to open a document, access a computer network or database. The password must be complicated enough such that no one can easily guess it but easy enough for the one creating it to remember. A minimum of 6 characters is recommended for length of password. A computer can be locked at CMOS level even before the operating system finishes loading. This is more effective as people cannot even go as far as deleting data on the computer as they literally have no access to the machine. Another effective technique is introducing the practice of passphrases at individual and organizational level. For those who don’t know, passphrases are longer sequence of words that are used to control access to devices. For example, “I’[email protected]$$wordIsGood1”. These passphrases are comparatively stronger to passwords. By using stronger passphrases, you stand a chance against hackers. Amalgamating other measures will enhance information security at workplace.
3. Hard drive lock –
There are tools available for you to put a drive key (password on your hard drive) such that it becomes useless to anyone who steals it.
4. Backup –
This is the storage of all corporate data on media that is locked away in a safe off site. Depending on the volumes of data being processed, daily backups may be necessary for corporate servers while individuals can be alright with a backup. You can lose all your computers but you will be back on track if you have a recent backup. Information is harder to replace than actual hardware. You can backup on magnetic tape drives, external hard drives, compact disks and digital video drives (DVD). However, the best form of data backup is cloud backup. You can access it from anywhere, any device, anytime when it is most required.
5. Intrusion detection and firewalls –
Data protection is not complete until you install an intrusion prevention software called a firewall. This prevents people who are not authorized from accessing the corporate network over the internet. Sometimes is a an actual unit (box) that is installed and in other instances it is software installed on one of the gateway servers (one that acts as a conduit through which the rest of the network gets internet access)
6. Antivirus/Antimalware Protection –
Viruses are a huge threat to data. A virus is a program that is malicious to the extent that it can wipe off a hard drive making it virtually unusable and hard to operate the computer. Every single day, new viruses are being released to spread over the internet. Every computer that goes on the internet requires an antimalware program which is continually being updated daily. Installing an antimalware protection layer in the form of software has always been considered as one of the best types of data security measures.
7. Disaster Recovery Plans Should Be Documented (DRP) –
In the quest to protect data, all the policies and procedures that a company follows to get out of a disaster must be documented. It is of no use having all the wonderful measures to protect data but all residing in on person’s head. If that person ever leaves the company, they immediately become a threat to the organization. Always insist on ensuring the DRP is documented and is continually being updated.
8. Have Printed Copies –
One effective way is to ensure that information does not just stay in electronic form but is also printed out and filed. The files must be in lockers where not everyone can do what they want or desire with the information. Extra care is needed. I was in a company once where a printout of salaries had been done and this ended up looking like trash that needed to be dumped. The same information was found in the compound where employees lived being used to wrap things that people had bought. One employee discovered it and immediately raised an alarm leading to an uproar.
9. Shred Unwanted Papers –
Instead of throwing papers in a dustbin, always shred them such that no one else can put the information or reports together ever.
Practice these ways to improve information security at workplace and even at individual levels. Soon you will experience an enriched data security level. Cyber criminals are always exploring new trap doors and hence the data security methods will change too by time. For more updates on Information Security, subscribe to our newsletter now.