Who does not know the? You find a sensitive document in your team folder that all team members have access to, and you wonder: is this really okay?? Or your team stores your passwords in a Word document and you think: Is this really secure??
In this article, we show you how to get started with IT security in your company if you do not yet have a security concept. We’ll go over the four most important areas you should consider in your concept.
How do I start with the topic of IT security?
Before we go into more detail on how to implement specific tips, you’re probably wondering: How do I actually get started?? No matter how far along you are in IT security, the first step should always be to assess the current state of your organization. This is the only way you can then determine which areas you need to improve in. The following questions can help you to determine the current status:
- What data exists in your company?
- Which of these data are sensitive?
- How are your files currently shared and stored?
- And by whom?
It is important to understand that IT security can only work if your security concept is holistic. If, for example, you only improve your technical infrastructure and don’t think about whether everyone knows how to use it, then your concept will not work.
For a holistic concept, you should think about the following four points in particular:
1. Educate your employees on security topics
The training of your employees and an open error culture are important building blocks for a holistic IT security concept. It can always happen that mistakes are made when it comes to IT security. At this point it is crucial that you deal openly with these errors. All team members should be able to voice their uncertainties and mistakes without fear. You should be able to openly address your mistakes without facing negative repercussions for doing so.
Safety is teamwork! It is the task of the entire team to create structures that enable everyone to follow and understand the guidelines. One important measure to achieve this is regular employee:inside training. In these training sessions, you can answer questions such as how to create secure passwords or how best to use a public WLAN network.
In addition to internal training, you can also use various other measures to raise your team’s awareness of IT security:
- An introduction to IT security as an integral part of onboarding for new employees.
- A newsletter with regular security tips.
- An IT security policy to record the most important rules in writing for all to see.
- External workshops on selected topics as additional training (by the way: LaceWing Tech offers workshops tailored to your team). We are happy to advise you.).
2. Choose safe, user:friendly software from the outset
Imagine that one of your employees is pressed for time and has to meet an important deadline. He or she is trying to upload the data to your cloud to share with a colleague, but somehow it’s not working properly. Pulling sensitive data onto a USB stick and then sharing it, on the other hand, can be done in a matter of minutes and the deadline can be met. What would you choose in this situation??
A secure cloud is only half the battle – it also has to be user:friendly. If you have a secure cloud, but it is very complicated to use, your employees will switch to simpler alternatives depending on the situation.
Also, security should be hardwired into the software as a standard feature, not just another feature you can use when needed. For example, if your cloud is encrypted by default, your data is secure. You don’t need to worry about additional security settings.
One way you can set up a secure, yet user-friendly cloud is to use Nextcloud over our Lacewing Cloud. As you are used to from other setups, you can store, sync or share data. The difference: your data is securely encrypted using Server Side Encryption.
3. Check who has access to your offices
Have you ever thought about how secure your office space actually is? Especially during lunch break, many offices are empty and unattended. Could you conceivably have an outside person come into the building at this time and look at your sensitive documents on the desks, or even have access to an unsecured computer??
The security of your office space is another important component of your security concept. Here, you should think about the following questions in particular:
- Do you lock your rooms when all employees are on lunch break, for example??
- Who has access to the offices?
- Are sensitive documents locked in a filing cabinet?
- Is sensitive data often left open on the table?
A widespread misconception is that you absolutely need a server directly in your own office (on-premise cloud) to ensure a particularly high level of data security. But this is often not really safer. Because your office can be broken into. In most cases, your server room is significantly less secure than a hosted cloud. We would be happy to advise you on which solution (on-premise, hosted or hybrid) makes sense for you.
4. Perform regular backups
IT security does not always have to do with attacks by external parties. You have probably accidentally deleted a document or been unable to access your data due to a technical defect. You are not alone with this.
Data loss in businesses is a common problem that results in large financial losses every year. In a survey conducted by Dell Technologies, 82 percent of the companies surveyed said they had experienced problems with downtime or data loss in the past year. You assume that these problems will increase in the future.
It’s even more important that you keep your backups safe and regular to avoid data loss problems. For one thing you should use an automated process. How to remember to make your backups.
By the way: With the Lacewing Cloud you have the extra security of regular and automatic backups of your data. You can even view different intermediate document states and restore them if needed.
We hope that we were able to give you a good introduction to the topic of data security with these tips. If you want to know more about IT security for small and medium business, feel free to contact us. We are happy to advise you.