8 tips to boost your business’s data security, including in the home office
The author Petteri Järvinen says that young people are not as informed on data security as is often thought. He stresses that many big risks have materialized as a consequence of simple errors.
In his recently published book Yrityksen tietoturvaopas (“the business’s data security guide”), author Petteri Järvinen compiles key lessons from the data security lectures he has given over the years. The result is a 250-page book which broadly discusses businesses’ data security and a range of risks.
During Järvinen’s long career, data security and businesses’ risks have changed a lot. The largest change has been due to the increased use of cloud services.
“At the turn of the millennium, companies backed up their data on floppy disks. Nowadays, data loss because of broken external drives is extremely rare, because the data is stored in the cloud, or at least is supposed to be,” Järvinen says.
Petteri Järvinen’s latest book is about businesses’ data security.
While viruses are hardly ever passed on by email any more, companies face many new threats, such as cross-border online scams and ransomware.
Nowadays, data loss because of broken external drives is extremely rare.Petteri Järvinen
“It’s easier for users to protect themselves now, but on the other hand entire companies’ data may be on a single computer or network. If something unfortunate happens, the risk is the destruction of a company’s accounting, warehouse management or client register. In that sense, the risks have increased.”
Simple error often behind major data breaches
As he was writing his book and researching data breaches worldwide, Järvinen was surprised by how many serious cases had originated in simple errors.
“People simple forget a lot of things when they’re under stress, and sometimes people are downright negligent. At the end of the day, the cause of large data breaches can be something simple like a leaked password or an unprotected firewall.
“In one sense, this is comforting, and in another it’s not. When companies have been trying to get things in shape for twenty years, you wonder whether they’ll ever be in shape.”
“Young people are clueless about data security”
Järvinen does not think young people are very enlightened when it comes to data security and identifying businesses’ risks.
“Nowadays people imagine that young people know these things and we don’t need to remind them about data security. That’s nonsense. Often, young people starting their careers are clueless about data security.”
Järvinen says that the reason for this is that digitally native young people are used to easy and streamlined use of mobile devices, and to “simple” data security based largely on facial recognition.
“What they don’t know, though, is how search engines and cloud services work and where their data is stored. From childhood, they’re used to everything happening automatically and nothing costing anything. That’s a bad starting point for a business’s data security.”
Eight tips for better data security in your business
- Ensure your business does not use devices or apps that only one person is familiar with. The same goes for skills that are important to the whole company.
- If your business is targeted by ransomware, a backup copy might be the only way to get back to business as usual. Backups should operate on the write-only principle: only writing is allowed, whereas altering and deleting are forbidden.
- Remote employees should have two computers, one dedicated to work matters and the other for everything else like web browsing and entertainment. The computers should not be on the same WiFi network to prevent malware from spreading from the leisure computer via the work computer to the business’s network.
- In home offices, there should be several networks, one of which could be just for children’s devices. It is also a good idea to create a dedicated network for smart home appliances. Even if they are hacked, the hackers cannot access important data.
- In your business, limit employees’ credentials so only one person has the right to change a customer’s account number or invoicing details. This significantly reduces the risk of email scams.
- Protect your business against identity theft by providing the Patent and Registration Office with an email address it can use to notify you of changes made to your registered information. This allows the management to be informed if wrongful changes are made to the company’s registered data.
- Encrypt disks on laptops and mobile devices. Good programs for this purpose include Windows Bitlocker and FileVault on Mac.
- Avoid sending or sharing important files in their original format. They can retain metadata which the recipient can potentially access.
Source: Järvinen, Petteri: Yrityksen tietoturvaopas (“the business’s data security guide”, Kauppakamari)