Because approximately 90% of data loss / data breaches result from human error, a pragmatic approach to reducing the risks related to “cyber crime” is required. It is, unfortunately, not possible to eliminate your risk completely, but there are a handful of basic fundamentals that, using the 80/20 principle, may help protect your computer infrastructure from such attacks.
Please note the following and take heed of the warnings:
A good place to start is to be aware of the main threats and then to mitigate them as far as possible. Below are a few of the main threats that need to be addressed as soon as possible:
If you are a network owner (this includes any small business network), the next area to pay attention to is the segregation of access to information, i.e. grant each employee access to what they need, and only that. This is also known as the concept of least privilege, and it means that should a user (other than the system owner / admin) be compromised, only the data they have access to can be compromised.
The following statement is said with some regret, but unfortunately needs to be said (by taking this approach, you can better prepare for such an eventuality rather than be caught wanting):
Rather assume that your system will be breached than assume it will not!
Some training options to consider to make you and your business more aware of the threats (these are all free, so may not be in depth, but more comprehensive options are available; there are also a multitude of providers that can assist with in-house training if required):
This document would be incomplete if mention were not made of the importance of having continuous backups of your information.
Here are some of the main reasons why a data backup is so important:
Having a current backup of your data will help keep your business going in times of trouble and give you, as the system owner, peace of mind that there is a possible route of recovery when things go wrong.
Note that a good backup system has both internal and external recovery options, i.e. store a backup with an offsite service provider to give your business continuity plan a place to start.
Unfortunately, there is no one-size-fits-all backup solution; the right choice depends on factors such as whether you want the backups to be on-site or off-site, so talking to your desktop support agent or network owner is a good place to start. Alternatively, here are a few product providers to consider: