As someone that spends a lot of their time helping companies improve their information and cyber security measures, I am frequently asked “how do I know when my information is secure?”. People usually expect an answer that combines a software checklist and some procedures to be followed. But as every business is unique, with different types of data stored in different places, the answer will be different every time. I always ask three questions.
WHAT information do you have? This defines the scope of what needs protecting. It is going to include client details and what you are doing for them, company financial details, business strategy, HR records and intellectual property.
WHERE is it stored? This question can be the hardest to answer as there may be copies in different locations, all for valid reasons. Think about paper records, your IT systems, the Cloud services you use (such as Dropbox and Salesforce), on laptops, tablets and phones, USB drives, websites and social media accounts.
HOW is access controlled? You need to ensure access is limited to the right people and key information would still be accessible, even if your office wasn’t.
Being secure is more than just an IT issue; you need to provide staff with some basic training to deal with the ‘human factor’ involved in the majority of security breaches. This can be done using online tools or by going through a few PowerPoint slides.
For more information about simple steps you can take to be more secure, contact Ian Grey at WADIFF Consulting.