People looking to access information without authorisation often target company networks, using tools that help them check for weaknesses.
In this lesson, we’ll look at some of the steps you can take to help defend your company’s network, systems and software.
Let’s start by looking at access controls in your business.
The first step is to make sure employees can access only devices that are assigned to them. In addition, only enable the services or apps that the employee needs to do their job on those devices. For example, a business might decide that sales staff should be able to access inventory records, but not payroll data.
Unauthorised access can occur if employees share login information. To help counter this, you may consider setting up processes that allow temporary limited access, so that one employee can cover for another without compromising company security.
To keep information confidential, you could also consider encrypting data being stored on any device or service. Encryption helps ensure that only people with the right authorisation will be able to see that data.
Equally, data that you’re sending from one place to another - via the internet or through your own network - should be encrypted, to prevent someone who doesn’t have authorisation from reading it.
Intruders can be a threat to the security of any network, but there are steps you can take to help protect your business data online. Let's take a look at some examples.
Wi-Fi passwords are one of the most common weaknesses of a company’s internal network. New wireless routers often come with standard default passwords, so change the password for your router to something that can’t be easily guessed by unauthorised users.
Network segmentation means splitting a computer network into smaller networks - or subnetworks - and separating them from each other.
Each subnetwork can contain a group of systems or applications. For example, you could have a subnetwork for the inventory control systems, while another subnetwork has payroll systems running on it.
Segmenting systems like this can help you keep information isolated to where it needs to be, limiting the network traffic between systems to only what’s necessary.
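To show what "only what's necessary" can look like in practice, here is an added example (not part of the original lesson) that checks recorded network flows against a segmentation policy and reports any traffic the policy does not permit. The subnet addresses, segment names, ports and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed segment layout (assumption): one subnetwork per system group.
SEGMENTS = {
    "sales":     ipaddress.ip_network("10.0.10.0/24"),
    "inventory": ipaddress.ip_network("10.0.20.0/24"),
    "payroll":   ipaddress.ip_network("10.0.30.0/24"),
    "finance":   ipaddress.ip_network("10.0.40.0/24"),
}

# Only these (source segment, destination segment, destination port) flows are needed.
ALLOWED = {
    ("sales", "inventory", 443),
    ("finance", "payroll", 443),
}

# Constructed flow records: "source_ip destination_ip destination_port".
SAMPLE_FLOWS = """\
10.0.10.15 10.0.20.5 443
10.0.10.15 10.0.30.7 443
10.0.40.9 10.0.30.7 443
10.0.20.5 10.0.30.7 22
10.0.10.15 10.0.10.16 445
192.168.1.50 10.0.30.7 443
"""

def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit_flows(text):
    """Return (line, reason) for every flow that the segmentation policy does not permit."""
    findings = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        src_ip, dst_ip, port = line.split()
        src, dst = segment_of(src_ip), segment_of(dst_ip)
        if src is None or dst is None:
            findings.append((line, "address outside known segments"))
        elif src != dst and (src, dst, int(port)) not in ALLOWED:  # same-segment traffic is not judged here
            findings.append((line, f"{src} -> {dst} port {port} not allowed"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_flows(SAMPLE_FLOWS):
        print(f"VIOLATION {line}: {reason}")
```

A check like this only reports on traffic that has already been recorded; the blocking itself is done by the firewall or router rules between the subnetworks.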
A good way to ensure your policies and controls cover all the hardware, software, systems and other devices in your business is to create a record of your company’s digital assets.
Start by working out what your company’s digital presence consists of. Which platforms, tools and software are you using? Are they up to date? What accounts do you have? What hardware do you use? Who uses your devices, software and hardware? Don’t forget to include suppliers and customers, as well as employees.
Answering these questions will help you identify your online assets and create an asset inventory, which is the first step towards improving a business's online security.
For example, you might discover out-of-date software, which could be an attractive target for people trying to gain unauthorised access to information. Finding such software and updating or uninstalling it can help reduce the risk to your business.
It’s also important to have a plan ready in case you detect a security problem or if a potential issue is reported by an employee, vendor or security specialist.
A data breach response plan outlines who’s in charge and what needs to be done if sensitive or confidential data is viewed or stolen by an unauthorised person. This response plan can protect a business’s assets by ensuring that action is taken quickly when things go wrong.
Take time to develop your plan in advance, so you and everyone in your business know what steps to follow if and when a security incident like a data breach occurs.
To wrap up, taking proactive steps to secure your company systems in advance is vital to reducing the risk of unauthorised access. Ensure you’re prepared and develop a clear plan of what to do if something does go wrong.
- access controls, encryption, Wi-Fi passwords and network segmentation
- how managing an asset inventory can help improve your company's online security
- why a detection and response plan can be useful in case of a security breach