Ken & Co

Safeguarding Digital Data

The digital data has ingrained itself as an integral part of modern business. It has transformed the way business is conducted and opened grand vistas.  With opportunity however, comes responsibility.   The cyber world has unfortunately plenty of potential for someone with malicious intent. With remote working and increasing cyber attacks it is critical that we have measures to safeguard digital data.

Give below are a few regular and simple practices that can be followed to safeguard from Cyber Attacks and Risks.

Best Practices for Cyber Security

  1. Password Management:

Passwords are the first line of defence for any program.  Having good passwords greatly enhances security whereas bad passwords may even negate the effects of other controls measures that are implemented. 

Best practices:

  • Ensure your passwords are strong and secure and use multi factor authentication where possible.
  • Regularly change passwords, and do not share them.
  • Consider using password Vaults for remembering multiple passwords for clients or self.
  • This can be also used for sharing the passwords with a designated set of individual, say the employees or teams who are working with Income tax, GST credentials.
  • Tools such as Zoho Vault, LastPass are quite useful

 

  1. System Access:

Controlling who has access to the system is perhaps the most obvious way to ensure security.  Every person who has access to the system must.be a legitimate user.  A legitimate user is one who has a valid reason for requiring access, whose identity can be verified and does not have malicious intent.

Best Practices:

  • Remove system access from people who no longer need it, and limit access to only those needed to do their role.
  • Administrator privileges are provided on an “need to have” basis.
  • Regularly review the access privileges granted
  • Tools such as Manage Engine help in monitoring end point access

 3. Secure Wi-Fi & Devices

Wi-Fi, though greatly convenient, can pose a security threat for that very same reason.  Extra care must be taken while using Wifi to ensure security.

Best Practices

  • Secure your wireless network and be careful when using public wireless networks with mobile devices.
  • Avoid transacting online where you are using public or complimentary Wi-Fi.
  • Never leave your information physically unattended – secure your electronic devices.
  • Ensure employees have secured their home Wi-Fi devices. This includes changing default security credentials
  • Restrict guest access to only internet and not to the entire IT infrastructure of your office. A separate Wi-Fi profile may be created for the same.

4. Legitimate Software:

Developing software is a complex process.  Good software can have great functionality and ensure protection but faulty software could make an otherwise secure system vulnerable. 

Best Practices:

  • Only download/install programs from a trusted source.
  • Consider using application whitelisting so only authorised software applications run on your computer.
  • Disable untrusted Microsoft Office macros and block or uninstall Flash and Java.
  • Use only licensed software, as free software may open pandora’s box.

5. Patches and Anti-Virus:

Patches are updates to software.  Patches are deployed by the software manufactures to not only enhance the software but to also increase security.  Software patches must be updated at the earliest but care must also be taken that the patch does not lead to a disruption is business. 

Anti-Viruses are designed to prevent malicious software from entering the system and causing harm.  An up to date Anti-Virus ensures the safety of the entire system.

Best Practices:

  • Ensure all mobile devices/operating systems/software have the latest software updated.
  • Only legitimate and genuine licenses should be in place, and auto update features must be enabled.
  • Certain Anti-virus software or End point management software have facilities to track application updates and inform the administrator.

6. Clean devices:

Though great for carrying legitimate information, USBs could also be a carrier of viruses or other forms of malware.  Care must be taken to ensure that the system is not compromised by unfamiliar information portability devices.

Best Practices:

  • Do not use USB or external hard drives from an unfamiliar source.
  • Preferably block USB usage and use only in restricted machines for the purposes of digital signature and encrypted USBs.
  • Prefer sharing data over encrypted channels such as Secured file transfer protocols, or secure Cloud applications.

 

7. Social Media:

Social media is one of the most literal manifestations of the saying “the world at our fingertips”.  Sensitive content once released onto social media is almost impossible to erase.

Best Practices:

  • Be vigilant about what you share on social media – try to keep personal information private and know with whom you interact online.
  • Disable locations sharing, third party access to your profile and regularly verify your Privacy controls.

 

8. Email:

Emails has allowed communication to occur at the speed of thought.  But it has also created the information explosion.

Best Practices:

  • Use a spam filter for your email and use email carefully – be wary of downloading attachments or opening links in emails you have received in case it is a ‘phishing’ attempt.
  • Using paid and encrypted email accounts can be more beneficial.

 

9. Regular Backups:

Data can be volatile.  It’s easier than you would expect to lose data.  Maintaining at least one detailed copy of all important data is maintained at a secure location ensures robustness.

Best Practices

  • Use off-line, incorruptible, and disconnected backups.
  • Prefer the usage of automated back-up in addition to external hard disks backing up the data.

 

10. Bring Your Own Devices:

The use of personal devices for work has been a trend that has picked up greater momentum is recent years with the advent of smartphones, tablets and other such devices with high computational capabilities.  It has also brought about an increase in the number of devices that must be taken into consideration for the purpose of security.

Best Practices:

  • In case of employees bringing their own device, it is highly recommended that a thorough checks are performed on those systems prior to giving access. Such checks include checking if the laptop is genuine, the operating system, anti-virus software is in place and unsolicited software are not downloaded.
  • Declaration may be taken from employees regarding the careful usage of the data and adherence to office policies.
  • Separate user account may also be used, and data loss prevention tools may be deployed.

Conclusion:

The above mentioned practices are just the beginning.  Due to the inherent complexity of the cyber environment, new threats are created just as fast as security measures can be developed.  The perpetual race between threats and security controls is bound to continue.  It is ever important that we maintain vigilance and keep ourselves updated of the new possibilities and dangers.

Author

The author CA Narasimhan Elangovan, is a practising CA and partner KEN & Co. He is a GRC Professional, a Digital transformation catalyst and an author. He believes in the power of technology to solve everyday problems. He can be reached at narasimhan@ken-co.in