We wrote about the importance of keeping data in your emails safe from prying eyes in our last blog, but what about the rest of your data in the cloud, servers and individual machines? You have a variety of files on all of these that have information you do not want unauthorised people having access to. It could be personal information, financial information, legal matters or just anything that could be commercially sensitive. Whatever it is, you need to make sure that access is limited to those that you want to see it.
There are various ways this data could end up in the wrong person’s hands:
Without the proper security setup, using public WiFi can be a security risk; criminals have a variety of ways to access your data when you use it. We recommend using a portable hotspot on a phone rather than public WiFi, but sometimes signals are weak, and if you have people on the road, such as salespeople, they will be tempted to use it. We know of someone who discovered that a criminal had accessed their Office 365 documents after using public WiFi while on holiday in Spain.
Many of our clients have been sent scam phishing emails that can be pretty convincing. An email comes in from what appears to be a known contact asking that the recipient put in a contract bid and gives a link to what appears to be an Office 365 login page. There are a lot of variations of this scam, so watch out! Without extra protection, the criminals then have access to any files that employee has access to. We recommend using secure email filtering that prevents most of these from getting through, but the odd one could slip through or go to an employee’s personal email.
We’ve all heard the stories about public servants leaving unprotected laptops and other devices on trains. The truth is similar things happen to small businesses every day. A laptop left behind in a hotel, left in a café (where they were using that free public WiFi to catch up on some work) or stolen from a car. We recommend making sure all devices and machines, particularly portable ones, are password protected and encrypted. Encryption will prevent hackers from plugging the hard drive into another machine to access the data stored there. However, if someone was looking over their shoulder when they were logging in, they left the laptop on and failed to log out or the password isn’t secure enough, a criminal could still potentially get access.
Two-factor authentication can prevent much of the risk of someone gaining access to your sensitive data. We are all familiar with this when using online banking – we input all of our passwords, then we are asked for the number on the little card device. Two-factor authentication is similar for your documents – only you have an app on a phone or have it set up to send an SMS message rather than a separate device.
You can have different levels of authentication set up. Many businesses we have come across only have two-factor authentication set up for access via a new machine. This does help in cases where access has been gained remotely, but we recommend that all employees should need to use two-factor authentication set up to gain access to their work documents, particularly if they use a laptop.
If you would like to know more about how to set up a level of two-factor authentication and other methods to keep your data safe, call us on