Data Security Management

Data / Disk Encryption

Secure Data Transmission

eMail / VPN Security


Physical security, network security and security of computer systems and files all need to be considered to ensure security of data and prevent unauthorised access, changes to data, disclosure or destruction of data. Data security may be needed to protect intellectual property rights, commercial interests, or to keep sensitive information safe. Arrangements need to be proportionate to the nature of the data and the risks involved. Attention to security is also needed when data are to be destroyed.


Tips ….

 

Data Security Requirements:

  • Control access to rooms and buildings where data computers or media are stored
  • Log access to and movement of all media and hardcopy material
  • Transport sensitive data only under exceptional circumstances
  • Sending data to a computer manufacturer may cause a breach of security so remove media storage devices first

Network security:

  • Do not store confidential data containing personal information on servers or computers connected to an external network, particularly servers that host internet services
  • Ensure you have strong firewall protection and security-related upgrades and patches to operating systems have been applied to avoid viruses and malware

 

Titan Atlas | Data Protection

As IT Professionals it is important to tighten all security within our organisations and that of our clients. It is also important as IT professionals to educate high end management, at board level if necessary, and insist that all possible security precautions are addressed as appropriate.

Of course there are risks with everything we do, but being an IT Pro you may not actually be aware of all the implications of data protection and what it entails. You may also find that your CEO is probably not up to date with it all either.

We can educate, direct, and manage your organisation to get you on the right track toward protecting your systems and associated data along with the supply of suitable network management tools to control your data security.

Data protection is of paramount importance to your business survival, reputation, and that of your customers and staff, so to help you get started here are some top tips from the ICO (Information Commissioners Office). Please consider this information very carefully.

Our experience reveals that even the simplest of security tasks are overlooked in most business environments.


More Tips ….

For computer security:

  • Install a firewall and virus-checking on your computers.
  • Make sure that your operating system is set up to receive automatic updates.
  • Protect your computer by downloading the latest patches or security updates, which should cover vulnerabilities.
  • Only allow your staff access to the information they need to do their job and don’t let them share passwords.
  • Encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen.
  • Take regular back-ups of the information on your computer system and keep them in a separate place so that if you lose your computers, you don’t lose the information.
  • Securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk).
  • Consider installing an anti-spyware tool. Spyware is the generic name given to programs that are designed to secretly monitor your activities on your computer. Spyware can be unwittingly installed within other file and program downloads, and their use is often malicious. They can capture passwords, banking credentials and credit card details, then relay them back to fraudsters. Anti-spyware helps to monitor and protect your computer from spyware threats, and it is often free to use and update

For using emails securely:

  • Consider whether the content of the email should be encrypted or password protected. Your IT or security team should be able to assist you with encryption.
  • When you start to type in the name of the recipient, some email software will suggest similar addresses you have used before. If you have previously emailed several people whose name or address starts the same way – eg “Dave” – the auto-complete function may bring up several “Daves”. Make sure you choose the right address before you click send.
  • If you want to send an email to a recipient without revealing their address to other recipients, make sure you use blind carbon copy (bcc), not carbon copy (cc). When you use cc every recipient of the message will be able to see the address it was sent to.
  • Be careful when using a group email address. Check who is in the group and make sure you really want to send your message to everyone.
  • If you send a sensitive email from a secure server to an insecure recipient, security will be threatened. You may need to check that the recipient’s arrangements are secure enough before sending your message.

For using faxes securely:

  • Consider whether sending the information by a means other than fax is more appropriate, such as using a courier service or secure email. Make sure you only send the information that is required. For example, if a solicitor asks you to forward a statement, send only the statement specifically asked for, not all statements available on the file.
  • Make sure you double check the fax number you are using. It is best to dial from a directory of previously verified numbers.
  • Check that you are sending a fax to a recipient with adequate security measures in place. For example, your fax should not be left uncollected in an open plan office.
  • If the fax is sensitive, ask the recipient to confirm that they are at the fax machine, they are ready to receive the document, and there is sufficient paper in the machine.
  • Ring up or email to make sure the whole document has been received safely.
  • Use a cover sheet. This will let anyone know who the information is for and whether it is confidential or sensitive, without them having to look at the contents.

For other security:

  • Shred all your confidential paper waste.
  • Check the physical security of your premises.

Train your staff:

  • So they know what is expected of them;
  • To be wary of people who may try to trick them into giving out personal details;
  • So that they can be prosecuted if they deliberately give out personal details without permission;
  • To use a strong password – these are long (at least seven characters) and have a combination of upper and lower case letters, numbers and the special keyboard characters like the asterisk or currency symbols;
  • Not to send offensive emails about other people, their private lives or anything else that could bring your organisation into disrepute;
  • Not to believe emails that appear to come from your bank that ask for your account, credit card details or your password (a bank would never ask for this information in this way);
  • Not to open spam – not even to unsubscribe or ask for no more mailings. Tell them to delete the email and either get spam filters on your computers or use an email provider that offers this service.

Titan Atlas take data protection very seriously, and have very harsh views on how a business should conduct itself when hosting client and staff data. For more information please book an appointment with one of our consultants to discuss any concerns you may have.

ContactUs