How could we not talk about data security as October gets underway? Perhaps you know this already, but, in the last few years, October has been dedicated to “cyber security”. It is an opportunity to (re)share best practices in data security and computer and server protection.
There isn’t a week that goes by without a computer security problem hitting the press headlines. Such questions are seldom the focus of our daily preoccupations:
- “It only happens to big multinationals”
- “What could anyone want to steal?”
- “How can you expect me to remember 5 passwords?”
And the list goes on….
I often hear remarks like this when the sensitive subject of data protection is broached.
Where do you start?
Firstly, you need to know where you stand concerning your data security procedures. Let’s be honest, there is no magic formula to secure your data. You need to take restrictive measures. To visualize what I’m saying a bit better, let’s take your house or your apartment as an example.
You probably think it’s ridiculous to have just one key for your gate, your front door, your garage door, your garden shed, your car and your bike lock. You may think it’s even more ridiculous to always use the same key for your company, your office and your filing cabinet. What is true in real life is also true in the “digital” world.
Here are 4 steps towards getting started on your data protection or continuing your efforts:
- Secure all points of access: from proper password management to best practices applied daily. For example: lock your workstation when you leave your office. We strongly recommend that you check what the French National Cyber Security Agency (ANSSI) has to say. You will find practical data by branches of industry and kits to help make your staff more aware of the subject.
- Identify your company’s data: knowing your own data is a key step to making sure it is secure. You would be surprised just how many organizations botch this step and then make inappropriate decisions. We are not going to lie to you. This phase takes a long time. Don’t downplay its importance. But it is as tiresome as it is indispensable.
- Your organization should be appropriate: When you know who does what, it’s much easier to make progress in the right direction together. Having security and/or compliance advisers in each sector makes communication smoother. Don’t forget: security is everyone’s business. It should not be the “sole responsibility” of the ISD.
- Introduce appropriate procedures in case of incidents.This makes things a whole lot easier when dealing with an operational problem. The teams focus on the battle plan drawn up. Don’t forget that in the event of an incident, the ANSSI teams are also very helpful. Check their incident management section.