The use of computers in companies has become mandatory – whether it’s accounting, e-mail correspondence or business planning – whatever it is you do, it’s quicker and cheaper to do it on a PC. There’s less need for printers, copiers, and file storage facilities.
Still, the security of this data is often overlooked. Whereas paper files are often stored in secure cabinets, the need to secure electronic data is neglected, even though it’s extremely important. There are two ‘modes of failure’ when using computers: human shortcomings and technological ones. Both must be addressed in order to ensure true data security. That’s why most measures focus on establishing a synergy between the users and the workstations.
Proper application of these protection methods will also help you ensure and prove compliance with the privacy regulations, such as the EU’s new General Data Protection Regulation.
1. Master Security Settings
There’s little use in introducing passwords if the prompts can be disabled with a few mouse clicks by tech-savvy employees. Whenever possible, you should ensure that employees don’t have access to the admin accounts that are used to set security policies.
Many applications and operating systems have some sort of access control, such as master passwords. This makes it impossible, or at least not worth the hassle, to change the preferred security settings. Group policies can be used for this purpose, for example to prevent access to Control Panel.
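As an added example (not part of the original article), the following PowerShell script does both things the paragraph recommends on a Windows workstation: it reports anyone in the local Administrators group who is not on an approved list, and it applies and verifies the “Prohibit access to Control Panel and PC settings” policy through the registry value that Group Policy writes. The approved-account names are placeholders; run it in an elevated session.

```powershell
# Added example (not from the article): audit local admin membership and enforce
# the "Prohibit access to Control Panel and PC settings" policy via its registry value.
# Run in an elevated PowerShell session on Windows 10/11. Account names are placeholders.

# Accounts allowed to hold local administrator rights (assumption: replace with your own list).
$ApprovedAdmins = @('Administrator', 'CORP\WorkstationAdmins')

# 1. Report any member of the local Administrators group that is not on the approved list.
$members = Get-LocalGroupMember -Group 'Administrators'
foreach ($m in $members) {
    # Local accounts are reported as HOSTNAME\name; strip the host so the list above stays portable.
    $name = $m.Name -replace "^$env:COMPUTERNAME\\", ''
    if ($ApprovedAdmins -notcontains $name) {
        Write-Warning "Unexpected local administrator: $($m.Name) ($($m.ObjectClass))"
    }
}

# 2. Apply the Control Panel restriction for all users via the machine policy hive.
#    This is the value written by the Group Policy setting
#    User Configuration > Administrative Templates > Control Panel >
#    "Prohibit access to Control Panel and PC settings".
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
Set-ItemProperty -Path $policyKey -Name 'NoControlPanel' -Value 1 -Type DWord

# 3. Verify the setting stuck, so a scheduled audit can detect later tampering.
$current = (Get-ItemProperty -Path $policyKey -Name 'NoControlPanel' -ErrorAction SilentlyContinue).NoControlPanel
if ($current -eq 1) {
    Write-Output 'Control Panel access is prohibited by policy.'
} else {
    Write-Warning 'NoControlPanel is not set; the policy has been removed or never applied.'
}
```

Because the value lives under HKLM rather than HKCU, a standard user cannot simply delete it; pair the script with a scheduled task that re-runs the check so that any change by a local administrator shows up in the warning output.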
2. Regular Updates
For smooth operation, especially if the computers are connected to the Internet, you should ensure they are running anti-virus applications whose definitions are updated regularly: at least once a week, but preferably daily.
Do not neglect the automatic OS updates. They can patch serious security flaws and enhance the reliability of the system in general.
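The weekly-at-least, daily-preferred cadence above is easy to check from a script. The following PowerShell, added here as an example and not taken from the article, reads the Microsoft Defender status, refreshes definitions if they are older than the threshold, and reports the most recent installed Windows update and the state of the Windows Update service. The age thresholds are assumptions to be adjusted to your own policy.

```powershell
# Added example (not from the article): verify that Defender definitions and Windows
# updates are recent. Thresholds are assumptions; adjust them to your policy.
$MaxSignatureAgeDays = 1     # the article asks for at least weekly, preferably daily
$MaxPatchAgeDays     = 30

# Defender status, including when the virus definitions were last refreshed.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Defender antivirus or real-time protection is disabled.'
}
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt $MaxSignatureAgeDays) {
    Write-Warning ("Signatures are {0:N1} days old (last updated {1}); updating now." -f
                   $sigAge.TotalDays, $status.AntivirusSignatureLastUpdated)
    Update-MpSignature
} else {
    Write-Output ("Signatures are current (version {0})." -f $status.AntivirusSignatureVersion)
}

# Most recently installed Windows update, from the hotfix list the OS records.
$latest = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($null -eq $latest) {
    Write-Warning 'No installed updates are recorded on this machine.'
} elseif (((Get-Date) - $latest.InstalledOn).TotalDays -gt $MaxPatchAgeDays) {
    Write-Warning "Last update $($latest.HotFixID) was installed on $($latest.InstalledOn.ToShortDateString()); run Windows Update."
} else {
    Write-Output "Last update: $($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())."
}

# Automatic updates cannot run if the service itself has been disabled.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') {
    Write-Warning 'Windows Update service (wuauserv) is disabled; automatic OS updates will not run.'
}
```

Run it as a scheduled task and forward the warnings to whoever owns patching; a machine that has been switched off for a fortnight will show up immediately.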
3. Installation Privileges
Unauthorised software applications of dubious origin could present a massive security flaw to your whole network. You should prevent users from installing unnecessary applications and regularly uninstall any that have already been installed.
Such policies can be configured in the Group Policy editor; however, they can be circumvented, so dedicated programs like DeepFreeze may be necessary.
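The “regularly uninstall” part of this tip needs an inventory first. As an added example (not part of the article), the PowerShell below builds that inventory from the registry uninstall keys, including the per-user hive where software installed without admin rights ends up, and flags anything that does not match an approved-software list. The list entries are placeholders to replace with your own.

```powershell
# Added example (not from the article): list installed programs from the registry
# uninstall keys and flag anything not on an approved-software list.
# The allowlist patterns are placeholders; replace them with your own approved names.
$ApprovedSoftware = @(
    'Microsoft Office*',
    'Google Chrome',
    'Mozilla Firefox*',
    'Microsoft Edge*'
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'   # per-user installs need no admin rights
)

# Collect every entry with a display name, skipping hidden system components.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString, PSPath |
    Sort-Object DisplayName -Unique

# Keep only the programs that match none of the approved patterns.
$unapproved = $installed | Where-Object {
    $name = $_.DisplayName
    -not ($ApprovedSoftware | Where-Object { $name -like $_ })
}

if ($unapproved) {
    Write-Warning "$($unapproved.Count) program(s) not on the approved list:"
    $unapproved | Format-Table DisplayName, Publisher, InstallDate -AutoSize
    # Per-user installs (HKCU) are exactly the ones a standard user can add on their own.
    $unapproved | Where-Object { $_.PSPath -like '*HKEY_CURRENT_USER*' } |
        ForEach-Object { Write-Output "User-installed, remove with: $($_.UninstallString)" }
} else {
    Write-Output 'All installed software is on the approved list.'
}
```

Run it under each user’s account (or from a logon script) so the HKCU hive is the right one; the HKLM entries are the same for everyone, but per-user installs are only visible in the profile that made them.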
4. Password Protection
Require a login password for each of your workstations. You can create enterprise networks where each worker gets their own login details as well. Ensure the passwords are kept safe – discourage writing them on post-it notes around the workplace.
To prevent password fatigue, consider implementing a single sign-on system. It’s better to have one safe password than compromise security with several weak log-ins.
5. Session Time-outs
If a computer is left idle for a long time while the user is away, it poses a security risk, since the programs stay open and data can be accessed. You can prevent this by setting up session time-outs. After a predetermined amount of idle time, the computer will lock and require the user to re-enter their credentials.
Some companies have enacted even more elaborate systems employing proximity sensors that detect when a person is away from a PC. As you may have guessed, that is nothing a piece of tape or gum would not fix. This only highlights the importance of implementing sound security principles.
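As an added example (not from the article), this PowerShell enforces the idle lock described above on a Windows workstation. The machine-wide value is the one behind the “Interactive logon: Machine inactivity limit” security setting; the per-user values are the ones behind the screen-saver Group Policy settings, so the lock holds even if a user edits their own screen-saver preferences. The ten-minute timeout is an assumption; run the script elevated.

```powershell
# Added example (not from the article): enforce an idle-session lock.
# Run elevated. The timeout value is an assumption; pick what your policy requires.
$IdleSeconds = 600   # lock after 10 minutes without keyboard or mouse input

# Machine-wide: "Interactive logon: Machine inactivity limit" (Security Options),
# stored as InactivityTimeoutSecs in the machine policy hive.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $key -Name 'InactivityTimeoutSecs' -Value $IdleSeconds -Type DWord

# Per-user: password-protected screen saver via the user policy hive. Group Policy
# writes these as strings, which is why the values are quoted.
$ssKey = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop'
if (-not (Test-Path $ssKey)) { New-Item -Path $ssKey -Force | Out-Null }
Set-ItemProperty -Path $ssKey -Name 'ScreenSaveActive'    -Value '1' -Type String
Set-ItemProperty -Path $ssKey -Name 'ScreenSaverIsSecure' -Value '1' -Type String
Set-ItemProperty -Path $ssKey -Name 'ScreenSaveTimeOut'   -Value "$IdleSeconds" -Type String

# Verification for an audit script: $true only when both layers are in place
# and neither has been relaxed beyond the required timeout.
function Test-IdleLockPolicy {
    $machine = (Get-ItemProperty -Path $key -Name 'InactivityTimeoutSecs' -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    $user    = Get-ItemProperty -Path $ssKey -ErrorAction SilentlyContinue
    ($machine -gt 0 -and $machine -le $IdleSeconds) -and
    ($user.ScreenSaverIsSecure -eq '1' -and [int]$user.ScreenSaveTimeOut -le $IdleSeconds)
}

if (Test-IdleLockPolicy) {
    Write-Output "Idle lock enforced after $IdleSeconds seconds."
} else {
    Write-Warning 'Idle lock policy is incomplete or has been weakened.'
}
```

The machine inactivity limit applies regardless of what the logged-on user configures, which is why it is worth setting even where the screen-saver policy is already deployed.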
6. BYOD Restrictions
When handling personal data, bring-your-own-device policies can be very dangerous. BYOD poses inherent security risks, and exposing such devices you don’t have control of to sensitive personal data is asking for trouble.
Fortunately, there are plenty of enterprise mobility management solutions available that can isolate these devices into an environment separate from workstations. Some have the option of remotely wiping devices if lost or stolen, but BYOD as a policy should be restricted to working only with non-sensitive, low-risk data.
7. Data Handling
If you are processing or storing sensitive data on your workstations (employee records, personal information, company financial data), it is absolutely necessary to prevent data transfer to external storage devices, such as USB dongles, DVDs or hard drives.
Unfortunately, there is not much you can do short of physical security searches, but giving only trustworthy and responsible employees access to sensitive data is your best bet.
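Windows does offer a technical control for the USB part of this tip, and the following PowerShell, added as an example and not part of the article, applies it in two layers: it disables the USB mass-storage driver and sets the “Removable Disks: Deny read/write access” device-installation policy, then reports the resulting state. The `-Audit` switch reports without changing anything. Run it elevated; the policy registry path and its device-class GUID are the ones Group Policy writes for removable disks.

```powershell
# Added example (not from the article): block removable USB storage on a workstation
# that handles sensitive data. Run elevated. Use -Audit to report without changing anything.
param([switch]$Audit)

# Layer 1: the USB mass-storage class driver. Start = 3 (manual) is the default; 4 disables it.
$usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# Layer 2: the registry path written by Group Policy "Removable Disks: Deny write/read access"
# (Computer Configuration > Administrative Templates > System > Removable Storage Access).
# The GUID is the removable-disk device class.
$removable = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

function Get-UsbStorageState {
    [pscustomobject]@{
        UsbStorDriverStart = (Get-ItemProperty -Path $usbstor -Name Start).Start
        DenyWrite          = (Get-ItemProperty -Path $removable -Name Deny_Write -ErrorAction SilentlyContinue).Deny_Write
        DenyRead           = (Get-ItemProperty -Path $removable -Name Deny_Read  -ErrorAction SilentlyContinue).Deny_Read
        # Volumes already mounted before the policy took effect; they stay visible until unplugged.
        MountedRemovable   = @(Get-Volume | Where-Object DriveType -eq 'Removable' | ForEach-Object DriveLetter)
    }
}

if ($Audit) { Get-UsbStorageState; return }

Set-ItemProperty -Path $usbstor -Name Start -Value 4 -Type DWord
if (-not (Test-Path $removable)) { New-Item -Path $removable -Force | Out-Null }
Set-ItemProperty -Path $removable -Name Deny_Write -Value 1 -Type DWord
Set-ItemProperty -Path $removable -Name Deny_Read  -Value 1 -Type DWord

$state = Get-UsbStorageState
if ($state.UsbStorDriverStart -eq 4 -and $state.DenyWrite -eq 1 -and $state.DenyRead -eq 1) {
    Write-Output "USB mass storage disabled and removable disks denied. Still mounted: $($state.MountedRemovable -join ', ')"
} else {
    Write-Warning 'USB storage restriction did not apply fully.'
}
```

Neither layer stops a user photographing the screen or e-mailing a file, which is the limit the article points to; the script covers the specific channel it names (USB drives) and leaves an auditable registry state behind.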
8. No Internet
Computers with stored sensitive personal data, or computers where such data is being processed, should be offline at all times if possible. Unauthorised access and processing is a serious threat if the computers are connected to the company network and the Internet.
Of course, this measure does not apply to regular workstations or computers where low-risk data is being stored.
Consider enabling full-disk software encryption on the operating system drives of selected devices and computers to further enhance security. That way, even if attackers were to obtain unauthorised access to the data, they would not be able to decrypt and misuse its contents.
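For the full-disk encryption suggestion, the PowerShell below (an added example, not taken from the article) audits BitLocker on the Windows system drive and, with `-Enable`, turns it on with a TPM protector plus a recovery password. Writing the recovery password to a CSV on a share is a simplified stand-in for escrowing it in Active Directory or Azure AD; the share path is a placeholder. It must run elevated on a machine with a TPM.

```powershell
# Added example (not from the article): audit BitLocker on the OS drive and enable it
# with a TPM protector plus a recovery password. Run elevated on a TPM-equipped machine.
# The backup path is a placeholder; in a domain, escrow the key to AD or Azure AD instead.
param([switch]$Enable, [string]$RecoveryBackupPath = '\\fileserver\bitlocker-keys$')

$os = Get-BitLockerVolume -MountPoint $env:SystemDrive

function Get-OsDriveEncryptionReport {
    [pscustomobject]@{
        Drive            = $os.MountPoint
        VolumeStatus     = $os.VolumeStatus        # FullyDecrypted, EncryptionInProgress, FullyEncrypted
        ProtectionStatus = $os.ProtectionStatus    # Off means protectors are absent or suspended
        EncryptionMethod = $os.EncryptionMethod
        Percent          = $os.EncryptionPercentage
        Protectors       = ($os.KeyProtector | ForEach-Object KeyProtectorType) -join ', '
    }
}

$report = Get-OsDriveEncryptionReport
$report | Format-List

if ($report.VolumeStatus -eq 'FullyEncrypted' -and $report.ProtectionStatus -eq 'On') {
    Write-Output 'OS drive is encrypted and protection is active.'
    return
}
if (-not $Enable) {
    Write-Warning 'OS drive is not fully protected. Re-run with -Enable to turn BitLocker on.'
    return
}

# Add the recovery password first, so a TPM fault or firmware change cannot lock the data away,
# then encrypt with XTS-AES-256 bound to the TPM (no PIN, so unattended reboots keep working).
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector | Out-Null
Enable-BitLocker -MountPoint $env:SystemDrive -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest

# Store the recovery password off the machine; the protector ID identifies it during recovery.
$rp = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'
"$env:COMPUTERNAME,$($rp.KeyProtectorId),$($rp.RecoveryPassword)" |
    Add-Content -Path (Join-Path $RecoveryBackupPath 'recovery-passwords.csv')
Write-Output "BitLocker enabled on $env:SystemDrive; recovery password escrowed to $RecoveryBackupPath."
```

A drive that reports FullyEncrypted but ProtectionStatus Off has had its protectors suspended (for example around a firmware update) and offers no protection at rest until they are resumed, which is why the audit checks both fields rather than the encryption state alone.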