Do you know if your organisation is leaking data? If not here is how you find out.

The Problem:

Most organisations in the UK over the last view years have taken a fairly relaxed approach to consumer-grade sync solutions. Consumer grade sync solutions like Dropbox, Box, Google Drive, Skydrive and iCloud to name the top ones.

Unfortunately a lot of IT support companies are only just ‘switching on’ to the fact that this is a huge risk and actually a security breach on your business… here’s why.

If a user using Dropbox or Google Drive, etc. on their work machine and is then syncing their files to their iPhone, tablet or laptop, it doesn’t take more than this to seriously put your company data in a vulnerable state.

Consider this, small common mishaps happen, such as an employee losing their iPhone for example, there is no lock enabled (which is very common), the password on Dropbox is saved (again very common). If picked up by someone else other than the relative employee at your company would potentially put large amounts and often critical pieces of corporate data in a compromised state. 

Another example, Employee departures, voluntary or not again put your data at risk if these consumer-grade sync solutions are being used. There are loads of stories of organisations who have sacked an employee and seized their devices only to find out that user was syncing their entire work folder to a home PC with Dropbox or the like. This poses a massive problem as sacked employees don’t often return phone calls or emails, etc. And taking legal action to reclaim your compromised data is expensive. 

What can you do?

Begin to weed out data leakage risk. This can be done in conjunction with your local IT services company or managed services provider or if you have internal IT staff they can begin to take measures to do this. 

What we recommend?

We don’t recommend taking a hard-core ‘lock down’ methodology as this often creates an unwanted culture in the office place. What you can do is start by weeding out the most risky applications and data leakage risks. If you block such applications like Dropbox, Google Drive, Box and Skydrive at the firewall users will not return to using them. 

Application management at the network level, like access controls and content filtering, should be a standard component in any managed security offering by your IT services provider. 

Once these dangerous consumer-grade sync solutions are blocked at the firewall than you can begin to replace them with business-grade sync solutions that have the additional security and control features you must have. 

 

Thanks

The soFileIT Team

You just found out one of your employees had their laptop stolen…

Quick, What Do You Do?

The bottom line is no matter how careful you are with your laptop, mistakes occur and losing a laptop (or having one stolen) is likely to happen to you or your employees at some point in time.

Recent figures from UK police forces show that over 34,000 laptops are reported stolen each year. This is almost 100 per day and only deals with those that are actually reported to the police.
Source: creativematch.co.uk

In the hands of a relatively unsophisticated hacker, all of your laptop information can be transferred off, often exposing an open back door into your network. This is no different in giving a thief the key to your office and the code to deactivate the alarm.


Imagine the embarrassment of having to contact all of your customers to let them know THEIR confidential information may be compromised because one of YOUR unsecured laptops is in the hands of a criminal!

Asking employees to be more careful about where they keep their laptop IS a good step in the right direction, but accidents happen and it would be naive to think that thieves aren’t always on the prowl.


For this reason measures should be taken to lock down and secure any mobile devices you and your staff use to access your company’s network.

Here are just a few things that should be looked at: 

Encrypt All Information – Drive encryption software such as BitLocker (which is included in some versions of Microsoft Windows Vista and Windows 7) can secure all the data on your hard drive. Also, check your computer to see if it has a Trusted Platform Module (TPM) chip which is generally more secure than those without TPM.  

Multi-Level Access Security – Don’t rely only on passwords to keep your laptop safe. Hackers can usually break most passwords in a few hours. We recommend adding a second way for people to prove that they are who they say they are BEFORE they are able to log in.


Some people use smart cards to do this, but fingerprint pads are gaining in Log / Back-Up Information – It’s critical to log and back-up all information on business laptops to ensure smooth operations in the event of loss or destruction. We can automate the backups so they are done ON SCHEDULE and in a way that won’t interfere with the useof the laptop.      

The Right Response - What happens when an employee loses a laptop? Do you have a next step action plan in place? If not, we suggest calling us immediately to report the loss (Note: clients on our 360 Managed Services plans will get after hours support for situations like this).


The sooner we know, the sooner we can take preventative actions to lock that laptop out of the network and set active monitors for any internet activity on the stolen laptop. If we pickup on any we can usually detect an IP address which we can then send to the local police authority for tracking. A blame culture where people are afraid to report losses is actually much worse for security.

77% of organisations say protecting their data is important, but only 11% prevent it from leaving the building. (Source: toshiba.co.uk/informationassurance)

Take the time NOW to secure your laptop and limit the damage to your business if it happens. soVision specializes in IT security and in securing business data like yours, and making sure it is available whenever you need it, so give us a call at 0845 450 3669 to discuss encryption options and how to make your business network more secure.

soVision - Complete IT Services Provider

Professional and friendly IT Support Services to businesses across Bristol, Bath and throughout the South West responding quickly to fix all your IT problems.

IT SERVICES | BUSINESS IT SUPPORT | BESPOKE WEBSITE DESIGN | CLOUD COMPUTING

Hardware and software can easily be replaced but a your data cannot

One of the most valuable assets in your company is your data and you should always do everything you can to make sure you don't lose any of it.

Here are 4 simple things you can and should do to make sure your company - and your data - is protected against and ready for any disaster:

1. Back up your data remotely - Everyone knows data should be backed up on a daily basis but many people still use in-house tape drives which can get damaged in a natural disaster or fire and can easily be stolen. We recommend backing up all your data to an off-site location away from such dangers and harm.
2. Use a surge protector and uninterruptible power supply battery - A high-quality surge protector combined with an uninterruptible power supply battery backup will go a long way towards protecting your sensitive electronic equipment from power surges and other electronic irregularities which can destroy your computer’s circuitry.
3. Make sure your servers are off the floor - If your office gets flooded, ensuring your equipment is off the floor will prevent it from being completely destroyed. Server racks which server this purpose are easy to find and are very inexpensive to install.
4. Have a disaster recovery and business continuity plan - Every business should have some type of plan in place for continued operation after a disaster. Hopefully you’ll never need to use one but having a simple plan will make you sleep a lot easier at night knowing you have a way to continue your operatations if and when disaster strikes. It can be as simple as making sure people know where to go and who to call in a disaster situation and ensuring they know how to log in and access our data remotely.

If you need help or any advice in any of these areas please get in touch as we can not only help get you prepared but get you back up and running fast in the event of a disaster.

To find out more about our Backup and Disaster Recovery services or any of our IT Support or other IT Services please contact us via email at info@sovision.com or call us on 0845 450 3669.

soVision - Complete IT Services Provider

Professional and friendly IT Support Services to businesses across Bristol, Bath and throughout the South West responding quickly to fix all your IT problems.

IT SERVICES | BUSINESS IT SUPPORT | BESPOKE WEBSITE DESIGN | CLOUD COMPUTING