blog

Security Planning: How valuable is your business data?

2017-10-05

Does your business have adequate data security plans in place? Have you considered the value of the data you hold and the impact a security breach could have? Could your business benefit from security planning?

At a recent security event, a director of the National Cybersecurity Centre suggested that a “category one” cyber attack will happen over the next few years. In other words the most serious type of security breach, which could put the identity of many people at risk. He called for organisations to act now and start security planning.  As an indication of the gravity of a ‘category one’ attack, the WannaCry attack earlier this year, which infected multiple NHS trusts, was rated as a ‘category two’ incident by the National Cybersecurity Centre.

Ian Levy suggests that it isn’t too late for organisations to protect themselves from a serious cyber attack and that steps should be taken now towards security planning. Whilst he may have been referring to larger scale organisations, businesses of all sizes should take security threats seriously. It is important organisations consider how they would be affected by a security breach. Businesses should start by understanding the data they hold, what value it may have and what the consequences would be both inside and outside the organisation, were a breach to occur. The disruption to business operations, impact on customers and the reputation of an organisation could be very damaging.

Data Security Planning

A good place to start is with a security plan which looks at the potential vulnerabilities of your IT systems. A security plan should aim to protect key business data and follow any relevant legislation and regulations. So, how should you go about creating a security plan?

Step 1 – take a close look at your IT estate, including all the systems and data, hardware & software that run your organisation. Consider what data you hold and what value it might have.

Step 2 – conduct a risk assessment looking at potential threats and the damage that could result from each of these threats. Consider what damage could be done if your business data was lost or breached.

Step 3 – prioritise what elements need protection and take appropriate action to reduce the security risks. Do you have adequate data storage & back up which could restore data if it is lost or damaged? Depending on the size and nature of your business you may also want to consider disaster recovery and business continuity planning.

Step 4 – involve your employees, they may have useful insights into the daily business operations and data usage to feed into your security planning. Keep your team up to date with any changes to your operational policies and ensure they are informed and prepared to respond to a suspected data breach or cyber attack.

If you would like any business security advice, SortmyPC offer consultancy on security planning, disaster recovery & business continuity planning. As a managed IT service provider we can ensure you have appropriate data back up and storage in place. Please contact us for a free initial consultation. We’d be delighted to discuss how we can help.

Further information can be found at:

https://www.theguardian.com/technology/2017/sep/22/major-cyber-attack-happen-soon-warns-uks-online-security-boss?

https://www.ncsc.gov.uk/