Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Digital security: Don’t leave the key under the mat

Digital security: Don’t leave the key under the mat

locked computer

There’s no magic bullet when it comes to protecting your data, it’s about finding the right balance between security and convenience. You should view security more as a risk to be managed than a problem to be solved.

It would be really convenient to leave your house keys in the front door so they’re always there when you need them, but the security risk is just too great. At the other end of the spectrum, it would be safer to lock your house keys in a vault at night rather than leaving them on the kitchen bench, but that’s just too much of an inconvenience.

Apart from the hassle, vaults are expensive and locking away your house keys obviously doesn’t guarantee you’ll never be burgled.

You obviously need to choose the right level of security for your home to address the likelihood and potential consequences of uninvited guests. The same goes for your precious data.

The risk scenarios involving your family photos are very different to those involving your business records. If you’re dealing with sensitive customer data, particularly financial details, then this adds a new layer of risks and consequences.

If you operate in the financial sector there are clear rules about handling data with which you should be familiar. The Australian Prudential Regulation Authority (APRA) is a good place to start.

Of course you don’t need to be a bank to require data security and every business would have some documents that it wouldn’t want to fall into the wrong hands. Your industry association is usually a good source of information for data security advice relevant to your circumstances.

Government resources such as business.gov.au and staysmartonline.gov.au can also make a good starting point.

It’s easy to make kneejerk security decisions, especially if you’ve experienced a security incident, but the key to managing security as with any IT project is to start by assessing your requirements.

If your house was burgled tonight you wouldn’t rush out tomorrow and put bars on all the windows, especially if the thieves broke down the back door rather than smashing a window.

That might sound like commonsense, but it’s exactly the kind of expensive and ineffective digital security mistake you can make if you rush into a security overhaul.

You need to play devil’s advocate as part of a risk assessment. What are the greatest digital security threats to your organisation? Where are you most vulnerable? Where are the single points of failure, the easiest ways to cripple the business?

Once you’ve identified and assessed the threats, both large and small, you need to weigh up the risks. What’s the likelihood of these vulnerabilities being exploited? What are the potential consequences? Are you focusing all your efforts on firewalls and antivirus, but leaving the office back door unlocked and passwords written on post-it notes for any late-night intruder to find?

This security conversation should involve key staff members and the providers/maintainers of your IT systems, which may well be outsiders if you’re a small business. You need good answers to all these questions before you decide on a solution or implement anything.

The best solutions tend to involve layers of security and once you understand the risks you’ll be able to evaluate how much time, effort and money you should allocate to addressing them. You also need to regularly reassess your risks and countermeasures.

Keep in mind that digital security is only one area of risk and it’s important to do a full business risk analysis to weigh up all the potential threats to your business. When considering the risk scenarios for your data, you need to think about local, mobile and online threats.

If you’ve spread sensitive data across multiple computers, network drives and removable storage then the process of managing and securing that data becomes far more complicated. If some of those devices regularly walk out the front door then you’ve got a new range of security concerns to address, catering for damage, loss and theft.

You might backup your data to protect against loss, but once you’re storing backup copies elsewhere then your security concerns multiply.

Offering appropriate staff secure access to a central point might be a more manageable way to work with sensitive data than spreading it around the organisation. If that data is online then you need to consider who requires access to it and whether you need to implement extra security precautions such as two-factor login authentication.

You’ll also want to think about data encryption and who will manage those encryption keys. Some business-grade online storage services let you specify your own encryption key, so even they can’t read your data. The trade-off is that if you lose that encryption key then your data is lost forever.

You’ll also need to keep a secure offline backup of your sensitive online data in case the cloud lets you down.

There’s no one-size-fits-all digital security system and making bad choices can actually make things worse by giving you a false sense of security. Rather than jumping at shadows, start by shining a little light on the situation and assessing the biggest risks to your business.

FacebookTwitterGoogle+Share

About Author

David Hancock

David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.

Recent News

snapdragon

Ever since the computer market shifted from desktop PCs to laptops, there’s been a significant balancing act going on between the needs of computer users for processing power to run programs, and the needs of those same users for battery power to keep their laptops going. At a simplified level, the harder you push a… More 

Apple-Apple

For the longest time, the generally accepted knowledge was that Apple’s Mac computers didn’t get malware or viruses. Apple even went so far as to mock its PC opposition in the famous “Mac vs PC” ads for the issues they had around security and malware, to a fairly solid effect. While Apple’s Macs do still… More 

intel

Quite often these days when we hear about a major security flaw, it’s to do with the underlying software that we’re running on our PCs, whether it’s a dodgy browser exploit, some kind of flaw in productivity software or even “free” content sites that are awash with malware. It’s not quite so often that we… More 

kindle

I’ve recently spent some time checking out Amazon’s latest Kindle e-reader, the 2nd generation Kindle Oasis. It’s the “luxury” choice in Amazon’s e-reader lineup, with a luxury price to match and a few new features to try to lure in those who love reading above other pursuits. One of the key new features is the… More