Security is a major issue in the modern business, especially in terms of your data. However people do not realise where this data is, let alone whether it is secure. It is important to first locate your data and then to secure it.
There are three key areas involved with this;
• Where your data is
• Who has access to your data
• Where is the data being accessed from
The first involves being clear on the location of your business’s data. Where is your data stored? Is it on a central server or workstations? Is there company data on an employee laptop? Perhaps it is in the cloud, on your website or in a customer portal. It is entirely possible that your data resides in a combination of these places. Knowing where the data is, ensures that you can then proceed to getting further information on securing your data.
After you figure out where your data is, the second thing to consider is who has access to the data.
• Which of your employees has access to which data?
• Is sensitive data accessible by people who shouldn’t be able to?
• Are there authentication protocols in place?
• Are they secure?
• How is it partitioned off, how are the permissions applied, when someone logs in what do they see, what they don’t see?
These all matter because in order to secure data you have to make sure there is clear delineation in access to the data. Data should only be accessible on a need to have basis, as well as defining who needs to be able to simple view data, who can edit data and who can make major administrative changes to the data.
Lastly, you should know where the data is accessible from. This ties into who has access to the data. While particular data can be freely accessed by a particular employee at work, perhaps they should not be able to access that data at home. While they have access on their workstation or laptop, they shouldn’t be able to access this on their phone. So whether it’s from devices on the internal network, like your PC’s and laptops inside your network or mobile devices that are personally owned, just like with who has access the location, where you can access the data (physical location or device) needs to be clearly delineated.
To reiterate, you find out where your data is, who has access to it, and from where they have access to said data before you take steps in securing this data.
The data can be secured via a number of methods such as limiting the number of places the data is stored. The more places data is stored, the less like you are to be accountable for the data. In addition, you can have permission levels for the data sent that are either accessed through a separate login system or piggybacking off an existing one.
The final precaution is to restrict what devices can access your data. A combination should ensure you are on the way to protecting your data.