, ,

Beware of using unauthorised IT systems at work

notjusthackers

Human error is the leading cause of data breaches. So, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses boost their information security. This includes not using unauthorised IT systems.

At Hayes Connor, we’re sharing some of the tips included in this toolkit. In doing this, we hope to raise awareness of this issue. We also want to help organisations across the UK improve their data protection processes.

Tip: All the information you work with has value. Only use authorised IT systems

The risk of using unauthorised systems  

It is easier to keep confidential data safe if it is processed and accessed via authorised IT systems. On the other hand, systems that are not effectively managed will be vulnerable. In many cases, such cyber attacks are entirely preventable.

Quick tips

Here are some tips to help employers keep their data safe.

  • Put strict policies and procedures in place to ensure the safe processing of information. Both in and out of the office
  • Establish what devices and applications are allowed to access your network. Also, where, when, and how it can be accessed
  • Make sure employees understand the penalties for breaching the policy
  • Implement tools to protect data on mobile devices. For example, Two Factor Authentication (2FA) and password controls
  • Make sure you can remove sensitive data from mobile devices remotely
  • Make sure that all staff receive regular data protection training
  • Make sure employees understand the potential consequences of breaching data protection laws.

Even authorised IT systems can be hacked if not managed properly. For example, Equifax’s failure to patch a server flaw resulted in hackers stealing the data of 143 million US citizens and up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

So employers should also make sure that they:

  • Only use supported software, operating systems, web browsers and apps
  • Develop and implement policies to update and patch systems regularly
  • Create and maintain hardware and software inventories
  • Keep track of the version and patch status of all software
  • Deploy tools to help identify unauthorised hardware or software
  • Make sure that any functionality or app that doesn’t support a business need is removed or disabled
  • Conduct regular vulnerability scans
  • Establish configuration control and management policies for all systems
  • Disable unnecessary devices
  • Prevent removable media access
  • Ensure that regular users can’t install or disable any software or services
  • Limit privileged user functionality.

Under the GDPR, businesses must process personal data securely by means of ‘appropriate technical and organisational measures’.

Find out more about how to do this on the ICO’s website.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your information safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you. Or give us a call on 0151 363 5895 to discuss your case in more depth.