Five tips on information security in companies
Cyber security has made it onto the priority list of European company managements. According to a recent study by British insurer Lloyd's, 54 percent of them are concerned with the issue. Information security is of particular importance. After all, data is the oil of the future and in many cases is of critical importance to the business. In addition, there are laws and guidelines that regulate the handling of personal data, for example.
Zurich Insurance also recently announced in a Survey found that SMEs are "catastrophically ill-equipped" against cyber attacks. Of course, a successful attack from inside or outside can never be completely ruled out. But even simple measures can make it much more difficult for perpetrators to tap into business-critical information. Gabriel Gabriel, Managing Director of Brainloop Switzerland, gives five tips for a life on the safe side.
1. identify and classify confidential information
Not every document is worth protecting. An easy-to-understand classification system with the categories open, internal, confidential, strictly confidential creates clarity about how individual documents must be handled and which groups of people have access.
2. define responsibilities
Not every employee needs access to all the data on the company server. This also applies to IT, which can act without restrictions in many cases. The smaller the circle of authorized persons, the easier it is to rule out misuse. Also helpful are a revision history and information rights management, which, for example, prohibits printing out a document or saving it locally.
3. protect information technically
In addition to the organizational regulations mentioned above, technical measures ensure information security. However, numerous requirements must be met, such as end-to-end encryption, effective access management, audit-proof logging, and information rights management. At the same time, they should be easy to use. Cloud-based solutions from external providers, for example, score points with simple implementation. However, if companies opt for such a solution, they must ensure that the provider does not gain access to sensitive data. The location of the data center is also important. It determines the data protection laws that apply in each case. Brainloop solutions such as Secure Dataroom meet these requirements and allow data to be stored in Switzerland and even in the company's own data center.
4. introduce internal policies and train employees
Even the best defenses against cybercrime only work if employees are aware of them and accept them. This requires that the solution used is user-friendly and that the company invests in training measures. Rules for handling sensitive data must be clearly communicated and visible to everyone.
5. monitor compliance
What remains: Make sure that all requirements are actually met. If there is a data leak, it must be possible to trace which data is affected and who had access.
"In recent years, the threat of cybercrime has continued to grow," Gabriel Gabriel continues. "So it's only logical that information security has become a management issue, and protecting sensitive and business-critical data is a priority." A secure working environment should be as self-evident as the seatbelt in the car, according to the Managing Director of Brainloop Switzerland, which offers highly secure cloud-based solutions for audit-proof compliance with legal requirements as well as compliance policies.
More information: www.brainloop.com
