Practical pointers to help you improve workplace data security

Keeping sensitive data safe and secure is a challenge for businesses of all sizes. Major shifts in the workplace – from in-person to remote and hybrid productivity – forced companies to change, or at least re-assess, their cybersecurity practices and protocols. And far too often, they were not adequately prepared for the evolving cyberthreat landscape.

In fact, according to CyberEdge’s ninth annual Cyberthreat Defence Report, more than 80% of organisations suffered from a successful cyberattack in 2021. With data privacy and data security top of mind, businesses are looking to strengthen their defences against cybercriminals. Here are four simple steps you can take to better protect your workplace data.

1 | Identify the ‘crown jewels’ of your business

Knowing what kind of data cybercriminals want is an essential part of your defence strategy. Therefore, creating an inventory of your so-called crown jewels (the most valuable data and data-related assets within your organisation, including hardware and software information) is important.

In addition, you should have a current (and actively maintained) list of every end-user who has access to your critical business data. Keep accurate records, with device and location details, so that you can carry out the necessary forensic investigations in the event of a data breach.

• Further reading: Security must be part of your online business playbook
• Further reading: Three simple ways to improve your data privacy

 2 | Make sure you’re updating and authenticating – always

Keep your operating systems, software packages and web browsers up to date and ensure that all devices have automatic updates enabled. When your connected environment is well maintained, with patches and updates carried out timeously, then your overall security posture is that much stronger.

In addition, make sure that your staff use multifactor authentication (MFA) when they log in. Simple username-and-password combinations are not enough to keep cybercriminals at bay, and MFA could mean the difference between a successful or an unsuccessful hack.

• Further reading: Stop viewing security as a grudge purchase
• Further reading: Rethinking cybersecurity for a work-from-home world

3 | Actively monitor your connected environment for suspicious activity

You should monitor your IT environment continuously to detect misconfigurations, vulnerabilities, breach attempts, and cyberattacks in real time. If you have dedicated cybersecurity personnel, they can implement endpoint security technology to help monitor your network. If not, you can bring in SecOps experts to actively identify, investigate, and mitigate cyberthreats 24/7/365.

Moreover, make sure that everyone in your organisation understands the importance of good cyber hygiene and is following the security policies you have in place. When your people know how to spot phishing attempts, for example, then they can respond appropriately.

• Further reading: Can you spot these common types of phishing?
• Further reading: Three ways to shore up your defences against phishing

4 | Prepare your response plan in advance

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce the impact on your business and send a positive signal to your customers and employees. Therefore, you should have an incident response plan prepared in advance.

This document should be stored safely and your dedicated response team should be able to access it quickly when the need arises. Make sure your incident response plan includes clearly defined technical, operational, legal, and communication-related steps for your team to follow.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.