IT security revolves around people, not things

Protect your data – prevent leaks

You now have an excellent ERP system and it is chock-full of essential information. First and foremost you have to be sure that nothing can go wrong with it. You are also legally obliged to protect client data against breaches of privacy and theft. Equally, you want data to be available any time and anywhere for those who need the information at that particular moment. ERP is a collaboration platform which provides different portals. The issue then is how you go about guarding all the portals. How do you keep your ERP and other data safe?

Step 1: The shut-down plan

We live in a mobile age and your employees now work more efficiently when they have access to the information that they need from different devices, often when out in the field. The first thing you need when creating a risk analysis is a proper overview of all the people and devices that have access to your ERP system. You will soon notice which passive servers are running in the background and which devices are still connected that are no longer in use.

Disconnect all ‘dormant’ portals and block – temporarily if necessary – the devices you cannot trace. Assess which devices require access and who the owners of those devices are. Using this list, you can then progress to step two: informing the people involved.

Step 2: Strengthen all chains

The majority of cyber attacks are no longer carried out directly on large servers. Nowadays the identity of an individual is assumed or stolen and misused. An employee who has access to sensitive information has become the prime target, which is why it is essential that you inform those involved, especially if personal devices are also used for work. A chain is only as strong as its weakest link and the same applies to cyber security.

Remind everyone to also protect personal devices as well as possible. This can of course be done simply by installing a firewall. But did you know updating your device is particularly important? Updates often provide a patch for weak spots in the software. Also it’s a good idea to provide a contact point for phishing, scamming and spam that enables colleagues to share information with one another if in doubt.

Make your passwords as strong as possible and change them every three months, including the home WiFi network. Personal networks such as 3G and 4G are safer than public hotspots; use the first two if possible, particularly for work. If you have a choice between connecting to WiFi or Bluetooth, the latter is the safest option. Also remove apps that you no longer need. So-called ‘zombie apps’ are no longer updated and therefore become increasingly unsafe.

Finally, creating a social media policy is recommended. This is not to control what someone posts, but to ensure that everyone is aware of what information is public and what is not. Lots of social media providers have the unhelpful habit of regularly ‘updating’ their privacy settings themselves. Issuing a reminder every two months with a short guide to keeping your profiles as well protected as possible is therefore not a bad idea.

A mere hour of work every month

Once you have everything mapped out, a few small procedures will ensure that your data is better protected against breaches. ‘Patch Tuesday’ has been incorporated into the business culture of many companies. In this instance, updates are run every second Tuesday of the month and everyone collectively changes their passwords. Make this a good habit, both at work and at home.