Turns out, there is life after GDPR.
We now have extra layers of security over our corporate and customer data. We achieved this without being bogged down by complex and tedious processes – all thanks to new tech on the market.
This is something San-iT have become deeply involved with over the past year.
We have helped clients tighten up data security in myriad ways, helping them meet GDPR legislation for greater protection.
Pulled from our experience, here are some great ideas on how to take your data security to the next level.
Remote working is at the top of many workers’ wish lists. With more flexible hours, people get extra time to balance work with their personal lives, helping reduce stress, improve productivity and increase job satisfaction.
But the biggest problem with remote working is the security risk. When working in cafes, for example, the chances of your devices being stolen are higher than if you worked in an office.
And with employees working off their own devices that may not have antivirus software installed, business data is more likely to be compromised by hackers or identity thieves.
This is where bespoke 2-Factor Authentication solutions come to the rescue. At San-iT, we’re using 2FA software, called Duo, to help clients tighten up their security for remote workers.
Duo is a versatile and user-friendly solution that provides employees with a secure way to log in to their work servers wherever they’re based.
Head of delivery at San-iT, Amarjit Singh, explains how it works:
“Using our 2FA solution, our client’s remote workers receive a request to their phones that they must accept whenever they attempt to log in whilst out of the office.”
The remote worker can authenticate themselves by using something that they know (a username and a password) in conjunction with a device that they own (like a mobile phone).
This greatly enhances their overall security and ensures that, even if their laptop is stolen, access will not be given unless the user accepts the access request on their mobile device.
GDPR might have been a burden at the time. But it got us to think about pressing threats to security we’d put in the back of our minds, such as how easy it can be to steal passwords for internet banking.
An article published in October this year by Insurance Times revealed that UK small businesses are targeted with 65,000 attempted cyber attacks per day.
Part of the problem is that a lot of businesses don’t have a proper cyber security strategy in place, leaving them vulnerable to advanced threats. For example, they simply rely on passwords for secure banking when, in reality, that’s not enough.
Even complex passwords – those that use a variety of numbers, letters and symbols – aren’t pulling the wool over experienced scammers’ eyes.
As Cormac Herley, a Microsoft researcher who’s been studying passwords for years, puts it: “The cracking software that’s out there has known about all of these tricks for more than a decade.”
How have our clients tackled this problem? In addition to enabling secure remote work, 2FA solutions have been used to provide added defence for online banking. Amarjit Singh describes how:
“We have implemented 2FA within Office 365 for a couple of clients. Because they require an extra device to log in with a bank – like a mobile – it adds another layer of essential security.
“There is an offset of taking a few extra seconds to log in but this is heavily outweighed by not relying on a password alone to be secure.”
Of course, passwords are still necessary – they are the first layer of protection for all our private accounts.
Creating difficult-to-decipher passwords isn’t tricky… but remembering them can be hard work.
Especially if we store passwords for different accounts in numerous places – such as notebooks – it can be a nightmare to hunt them down again. And from a security perspective, storing passwords on paper is a recipe for disaster.
Since the GDPR deadline, we have helped many businesses centralise and secure all their login information to combat this problem. Specifically, we have a password vault programme that enables clients to store all their login details in one place.
For extra protection, once added to the vault all passwords and usernames are encrypted. So, even in the incredibly rare event that hackers gain access to the vault, they can’t view the passwords and use them to access sensitive business data.
Office 365 plays a big role in many of our clients’ businesses. We’ve already talked about the incredible things this platform can do to supercharge growth.
What we need to think about next is how clients are leveraging all of Office 365’s capabilities without putting business data in danger.
Microsoft Secure Score is a tool that helps our clients do this. It measures the platform’s security and offers insights and tasks to further safeguard 365 against online threats.
Users gain in-depth reports on who has access to what (such as your accounts spreadsheet) and from where (alarm bells might ring if it was viewed in another country). This means immediate action can be taken if suspicious activity is detected, helping you avoid the worst.
Adhering to GDPR’s rules isn’t a one-time thing. It’s about continually ensuring your and your customers’ data is protected against misuse or theft.
Boosting data security for remote work, safer password management, making secure online banking a breeze, measuring security levels… these all ensure GDPR legislation is being met in the short and long term.
At San-iT, we’re also helping clients obtain their Cyber Essentials, a government-led programme that helps you to guard against the most common cyber threats and demonstrate your commitment to cybersecurity.
So, rather than passing off their responsibilities to a third party, our clients are making themselves accountable for understanding how secure they are as a company. It is this commitment that fills customers with trust, helping you earn their loyalty and strengthen your relationship.
We think earning a Cyber Essentials certificate is a great place to start on becoming more digitally secure. If you think you might need help doing this, call us for a friendly chat on 0800 084 2575 or email us at [email protected].