Regardless of the size of your organization, almost nothing is more important than ensuring the information security for both your and your clients’ data. The careful planning, implementation, monitoring, and maintenance of strict controls is necessary to protect all assets, especially data which is extremely valuable to every organization.
Problem: Ensuring Information Security
Think about the kinds of information that's at risk: banks, insurance companies, and ecommerce sites need to protect their customers' personal information and financial information, and in many cases are bound by strict industry and/or government regulations. There are also other industries, such as pharmaceutical and aerospace companies, with important intellectual property that needs to be kept secure. Unfortunately, most companies can't protect themselves on their own - as their adversaries are very sophisticated. For small, fast-growing businesses the risks are just as great, if not greater. An attack that compromises company accounts or customer relationships can directly affect an entrepreneur's personal security and finances. In fact, 60% of small businesses will close their doors within six months of an attack due to the expense of mitigating loss. Moreover, that entrepreneur won’t have access to the resources for recovery and defense that are available to a major corporation.
It's not just the outside threats you need to worry about. A report from Stroz Friedberg (a cyber-crime investigation firm) shows 87% of senior managers report uploading work files to personal accounts, 58% report accidentally sending sensitive information to the wrong person, and 51% take data with them when they leave the job. Tech preference are also increasing information security risks, with 75% of workers reporting that they upload files to personal accounts, and the majority saying it's because they prefer their home computer.
A great first step to securing your information is to use Bitlocker. When you set up a workstation with PIN+TPM Bitlocker protection it means that even if the device is stolen, only the authorized user can start the machine, and removing the drive does not help an attacker.
Next, on devices that may be used for both business and personal needs, you’ll have to identify company data and separate it from personal data. To do this, run Windows 10 Anniversary update and enable Windows Information Protection (WIP). WIP allows users to freely copy content between business apps and documents, but it won't allow the data to leak into the personal space unless IT chooses to allow it with a policy. In this case, auditing will occur in the background and your users will be encouraged to act responsibly and in a way that is compliant with your corporate policy. As an added bonus, since WIP it'is built into the OS, it doesn’t have an there is none of the "add-on" feel to it, from a user standpoint it's seamless.
Iuvo Technologies can craft information security policies and services using Azure Rights Management, WIP and Office 365 that can help automate and on-demand protect your data whether it's stored on premises, in the cloud, emailed out, or on an employee’s laptop. To learn more, schedule your FREE IT assessment.