Did you know?
As a Business Owner/ICT Manager, it is imperative you keep your data secure. If you neglect the need to keep sensitive data protected, you could face millions of dollars in fines and possible criminal charges.
What is Data Security?
Data Security is the set of measures put in place to prevent unauthorized access to computers, databases and websites. It also covers BCM (business continuity management), which protects data from corruption and sustains a business through a security breach and/or major disruptions.
Why Data Security?
Each year in Australia the average total cost of a data breach is $1.99 million and the average cost per lost or stolen record is $108 (@IBMSecurity, 2018); these two numbers continue to grow year over year. With a mean time to identify (MTTI) a data breach of 185 days, you could have a breach at this very moment and not even realise! According to cyber security firm CyberArk’s Global Advanced Threat Landscape Report 2018, “45% of Australian organisations say they can’t prevent attackers breaking into their internal networks”, which is even more of a reason to have a system in place to encrypt files and protect your enterprise! (Pollack, M. 2018)
What is Business Continuity?
Business continuity is the ability to carry on business operations even after a major disruption such as a data breach, a natural disaster or even key employees leaving. To minimise the impact these scenarios would have on the business, put foundations and guidelines in place for how to respond to each and every disruption; this gives you the best possible chance of recovering from a major disruption.
Do you run through scenarios to prepare yourself?
If you don’t see the need to prepare yourself, why?
Read here for more info: https://www.iso.org/news/2012/06/Ref1602.html
What are the implications if I don’t have a formalised structure in place?
With the Australian government putting harsher penalties in place for businesses and operators alike who breach the Privacy Act, it is necessary, even mandatory, to have a contingency plan in place. These penalties can now reach fines of up to $1.7 million for companies and up to $340,000 for individuals who neglect their responsibilities. (ADMA, 2018)
How do I implement Data Security?
The best family of standards is currently ISO 27000, which helps keep an enterprise’s information assets secure. Using this family of standards allows an enterprise to manage the security of assets such as financial info, intellectual property, employee details or information entrusted by third parties. (ISO, 2018) Read here for more info: https://www.iso.org/isoiec-27001-information-security.html
To implement these measures it is best to coordinate with a Security Architect and create a strategy which aligns with your business goals and needs. These strategies and a lot of useful resources can be found through government-funded bodies such as the Australian Signals Directorate (ASD), which has “developed prioritised mitigation strategies to assist organisations in protecting their systems against a range of cyber threats”.
We make it easy
The solution is Biometric Single Sign On!
What is Single Sign On?
Single Sign-On (SSO) is a highly secure means for users/employees to log in to their Microsoft Windows desktop user account plus a lot more. In fact, with a robust SSO solution, you can log in to all your applications, irrespective of whether they are local, cloud or web, without needing to remember all the different usernames and passwords.
An Organisation without Single Sign-On
The biggest issue password policy ignores is the “human factor”. Security experts recommend making passwords “stronger”, which means upping password complexity. Yet experts expect employees to rise to the challenge of remembering the ever-increasing complexity of their passwords. Employees are also expected to change their passwords frequently, especially in some industries (medical), to keep up with the company’s policy and regulatory compliance. In some cases, employees have been known to resort to writing passwords on sticky notes attached to their computers.
Mandatory Checklist for Businesses
- Paid Anti-Virus protection – offers comprehensive protection against malicious programs
- Hardware Firewall – Checkpoint
- Document Management Security –
‘The Essential Eight’ is a baseline for businesses that makes it a lot harder for your system to become compromised. (Acsc.gov.au, 2018)
- Application whitelisting – to control the execution of unauthorised software
- Patching applications – to remediate known security vulnerabilities
- Configuring Microsoft Office macro settings – to block untrusted macros
- Application hardening – to protect against vulnerable functionality
- Restricting administrative privileges – to limit powerful access to systems
- Patching operating systems – to remediate known security vulnerabilities
- Multi-factor authentication – to protect against risky activities
- Daily backups – to maintain the availability of critical data
Read here for more info: https://www.cyber.gov.au/publications/essential-eight-to-ISM-mapping