Anders Söderström, CEO of IT security company Sentor in Sweden, gives his eight best tips for securing your data
Carry out a risk analysis and take action that is tailored to your business: What data is the most important to protect and what consequences can it have if it disappears or ends up in the wrong hands? Address the greatest risks by developing measures that reduce the likelihood that it will happen, or decrease the frequency for when it occurs.
Make sure to stay up-to-date with software, browsers, computers and mobile phones. This reduces the risk of malicious software such as trojans being installed. Use automatic updates as much as possible.
Carefully handle your business-critical information and store it in a different physical location. This can be done manually with standalone hard disks that you move or by using software adapted for this.
Segment your network and place critical systems and databases on one network, and work computers on a different network. This reduces the risk of intrusion into the systems when employees connect their work computers at hotels, airports or cafés and then at the office. Place a firewall between the networks and use it to control which network traffic is permitted to move between them.
Just as regular physical alarms can detect if someone has broken into a space, monitoring of networks and logs along with incident management can increase security. There are service providers that monitor logs from networks and systems to detect potential infringements. This enables you to detect and react more quickly to attacks.
Use multiple virus programs
A virus program is not a guarantee against intrusion. Use several that complement each other: one for scanning emails, another for browsing traffic and yet another on the work computers.
Map cloud services
If your company uses cloud services, map out how the supplier works with data protection and integrity and where your information will be located. Also consider what information is placed in the cloud and be aware that you have handed over control to another company.
Invest in IT security training for your employees to protect important information. Determine and communicate what information is sensitive and how to handle it, such as information that cannot be sent via regular email, but must first be encrypted.