We are taking advantage of European Data Protection Day to remind you how important it is for every organisation to have a genuine information security policy. This is a subject that is regularly in the news, with several major companies recently suffering massive data leaks. These include Twitter, Deezer and Uber.
Lionel Bruylants, Product Manager Network & Security at NSI, explains how to protect your company's data and avoid cyber-attacks, phishing and ransomware.
How important is data protection?
With ultra-connectivity, the danger of intrusion into the heart of information systems cannot be overlooked. Security breaches, data leaks, cyber-attacks and confidentiality breaches are a reality that every company should guard against. The question is no longer IF, but WHEN your company will be attacked.
Nowadays, cyber-attacks target organisations of all sizes, often resulting in the loss of critical data. These vulnerabilities could be limited by clearly identifying your sensitive data, but also by effectively protecting it by implementing a few simple rules, such as making cyber security part of your corporate culture.
"Today, the question is no longer IF, but WHEN your company will be attacked!." - Lionel Bruylants
It is therefore vital that everyone involved in a company understands the specific challenges and needs of IT security, so that it can be understood and adopted by everyone. As safety is often a constraint, this will enable a smoother and more effective transition.
Which data needs to be protected?
Under the General Data Protection Regulation (GDPR), it is imperative within a legal framework to protect personal data that can identify an individual, either directly (address, surname, first name, etc.) or indirectly (customer number, telephone number, etc.).
In a broader context, and in the interests of your company, it is also important to be able to properly secure data relating to human resources, the list of your customers and the data relating to them, all bank data, data relating to your computer data, but also all sensitive and confidential data relating to your business (patents, secret recipes, contracts, strategies, etc.).
There is also a more specific aspect, which does not necessarily apply to all activities, but which concerns financial and medical data, which can cause serious harm if this type of information is stolen, but even more so if it is disclosed.
How to protect your data?
5 essential steps for your organisation:
- Analyse - Reviewing data and application flows together, in order to draw up a list of actions to be taken in terms of process controls and validation.
- Detect - Examine security at all its layers, from the network to the applications and the operating system layer.
- Counter - Securing information and applying the necessary corrective measures such as data encryption.
- Prevent - Put in place an emergency plan to minimise the impact of a cyber-attack.
- Training - Regularly raise end-users' awareness of the importance of cybersecurity by organising regular campaigns to encourage them to be vigilant and identify a phishing message, for example.
Regular risk analyses are the key to optimum prevention of your IT security, as is good management of data processing processes.
What is the expertise of NSI in the security sector ?
We have a Network & Security (NetSec) team that is constantly developing new solutions and working with you to integrate a tailor-made plan. These include :
- The implementation of a continuous cycle to protect your systems in four phases (identification/audit, prevention, detection and response);
- Securing your corporate data and systems through parallel management: technological solutions and managed security assistance;
- Appropriate measures to protect your data in accordance with the new European laws (RGPD).
Do you need a security package tailored to your needs and budget?
To assess your needs ,contact us.
