Security. The true meaning of this word is often underestimated. People tend to overlook potential threats when everything is alright. It applies also for the world of business. However, companies which have experienced loss of sensitive data, now pay much more attention to this issue.
Anyways, it´s important to focus on cyber security, because broken trust and reputation do not restore easily.
If you underestimate security, hackers can hack into your systems without bigger effort. However, it´s important to realize that you can never ensure 100% protection. When the system is in operation, it´s always exposed to certain level of risk. It´s important to be aware of them and try to eliminate them as soon as possible. The risk can be reduced by a security software. Although it requires some initial investment, we recommend rather to pay for security than compensate lack of it later on.
What has infuence on security of sensitive information?
- People – often do not realize value of information they work with and underestimate its protection.
- Availability of tools – nowadays, anybody can be a hacker. There are plenty of free tools on the Internet to guide newies – hackers. Companies, which are not dealing with cyber security at all, can be endangered.
- Statement: “Our company is too small. Who would be interested in attacking us?” – Majority of small and medium companies think that. However, the truth is that every organization, no matter how big it is, can become a target of an attack.
- Obsolete technologies – technologies which have been used in a company for a very long time were developed to protect against threats, but they were up to date just back then. The longer software exists, the bigger potential risk is.
Microsoft, a world IT leader, has a solution in its portfolio able to protect your data.
Which solutions can help you increase protection of company data against potential threats?
Threat: Simple passwords
Passwords are often considered to be a necessary evil. Employees often have them stuck to their computers or stored in a web browser. They are usually very simple, so they are easy to remember. Microsoft Office 365 offers multi-factor authentication, preventing from password abuse. Multi-factor authentication can be easily set for online services and thus solve many security issues. It can be in a form of a phone call, SMS, confirmation via a mobile application, etc.
Explain to your employees that 15 seconds of multi-factor verification is just a small price for safe access to sensitive information.
Threat: Malicious e-mail attachments and web links
Lots of those who were previously hackers are now “businessmen“. They send attractive messages, create realistic copies of bank web sites and manipulate with people´s emotions.
Microsoft solutions can detect them within couple minutes. A system, unlike people, does not trust attractive messages and can immediately delete those defined as dangerous. “Safe Attachments“ is a Microsoft Office 365 function, which opens each and every attachment, looks for malware and detects potential threats. Functionality “Safe Links“ protects its users against malicious web links. These links are often used when gathering information through phishing.
Threat: Virus attacks
A document deleted by accident, loss of confidential information after a virus attack… To prevent such situations, configurate your system in a way that your documents stored in your computer or laptop will be synchronized automatically with the OneDrive for Business cloud storage. The system can restore the latest version of a file as well as all its previous versions.
Threat: Downloading information from a disk without a password
Today, information gets lost usually together with devices. A laptop forgotten at the airport, a USB key fallen out from a bag… All those incidents lead not only to unplanned shopping of new devices, but also to serious risk of unauthorized access to the lost information. Even if your computer is protected by a password, it´s not a problem to break it.
Example: At public places in USA and Canada, several cell phones with a software tracking their activity got lost. Up to 60% of people who found them didn´t bother to try to return them. Within couple hours, new „owners“ started to look at the documents, pictures and application stored in those cell phones…
Encrypt all disks and USB keys containing confidential information via BitLocker tool. You still won´t be happy of loss or theft of your device; however, no unauthorized person will have access to your sensitive data.
Threat: Company data stored in personal devices
Although employees´ work phones can be their own property, the data inside them belong to their employer. So, it happens that former employees still keep customers´ e-mails or contacts.
If your employees manipulate with work emails or documents through their own mobile devices, you should protect those data. If you connect the cell phones to Intune, you can configurate them and after termination of employment, you can delete business-related or all data. It means that company emails and business documents stored in personal smart phones will not be “dismissed“ together with an employee. In case of loss or theft of a device, data can be deleted remotely.
Threat: Leak of documents
How to protect sensitive information in case an employee sends them to a wrong e-mail address accidentally so the exposed information can be abused?
Example: When the G20 Summit took place in Brisbane in 2015, an Australian ministry employee sent detailed passport information of its officials to an administrative worker of the Asian football cup (AFC). When inserting the e-mail address, he clicked automatically on the first e-mail address from the list of suggested addresses without checking it and clicked “Send“.
As prevention from such situation, we suggest implementation of Azure Information Protection, which helps to keep sensitive information within the company. This technology can be integrated with the Office 365 application package what promotes encryption of Microsoft Word and Microsoft Exchange files. By using it, it´s possible to restrict access to documents, so sensitive data will be delivered only to authorized persons.
Threat: Weakened infrastructure security
For sure you feel better with all relevant information at hand. However, have you ever thought of what could happen if somebody broke into your company premises? You could lose all devices containing sensitive information.
From the perspective of security, your data will be much more protected in place secured by strict rules. If you would like to enter a datacentre, you would have to pass several security measures including multi-factor authentication, biometry and your every movement would be tracked by security cameras. Datacentres are holders of various certificates confirming their reliability. Such level of security can be provided only by a handful of companies in the world.
Example: The Hospital in Utah kept patient records in secured storage. Records were delivered to the storage by a courier every day. One day, before a weekend, the courier did not deliver the box with sensitive information into the storage and instead, he left it in his car overnight. The car was burgled that night. This unwise decision of his cost the hospital several million dollars which had to be paid to patients as compensation.
If the data were stored automatically in a technologically save cloud storage, the situation could have been prevented.
To get universal protection of sensitive data, there is not any magic button. At the same time, there is not a single software product which could guarantee 100% protection on all levels. However, Microsoft offers software products which can increase data security and protect your business from hackers. Many of mentioned functionalities can be found in the Microsoft 365 package.
Do you want to increase security of your company data? Do not hesitate and contact us. We will be pleased to offer you a free consultation.