The majority of Information and data used and shared within the private equity and venture capital industry is highly confidential and sensitive. With the industry flourishing after two decades of strong growth and playing an increasingly significant role as a revenue generator within the UK, now is the time to toughen up security procedures to minimise any potential risk, both from an individual users perspective to company wide threats.
1. Password Policy
Forgetting your password is an ailment we all suffer from, or simply making it far too basic that it’s easily compromised. Making them memorable as well as strong and complex enough is tricky. We find that using car registration plate numbers is a good way of getting a mixture of characters that’s strong and memorable or how about replacing some of the letters in your favorite food with numbers i.e P1stach10s!
These methods seem to make it easy to remember for yourself but fairly un-guessable to any office chancers. This however is not infallible so don’t forget to change them every 90 days or so to maximise your protection as best you can.
2. Bring Your Own Device
Most private equity businesses will find working outside of the standard 9 till 5 day fairly common practice when a deal is going through and bringing your own device to work and using it outside of the office environment is becoming increasingly prevalent.
But how well are these devices protected. Laptops, phones and tablets are lost or misplaced on a daily basis, does your business have a plan of how to control the data that is stored on them? Check to see if you can activate remote-wipes on lost or stolen devices and see whether your business could benefit from a mobile device management solution such as Good Technologies or AirWatch by VMware.
In the meantime ask your IT manager or IT support company to enforce password protection and quick display timeouts on the lock screen of any personal devices – This may sound simple, but that hurdle is enough to stop most thieves or chancers from even bothering with the forgotten phone they’ve just found on a park bench.
3. New starters
There is a lot to do when you’re enrolling a new member of staff into your workplace, but top of your list should be making sure that the new employee has only relevant access to the company’s files, folders and client data. This is best practice for any business and controlling rights and permissions from the outset will save sensitive data being available to any unauthorised eyes and will give you peace of mind that your data is in the correct hands.
4. Secure Data Exchange
The competitive landscape of the Private Equity industry highlights the need to conduct business more securely and there are excellent solutions available such as Microsoft SharePoint that are organised, efficient and customisable to the specific needs of your firm ending any concerns about the wrong person having access to the wrong files and modifying data without anyone’s authorisation or even knowledge.
Virtual data rooms can provide a secure and organised cloud-based storeroom for sharing confidential information with third parties. They handle the data challenges that trouble private equity, venture capital and alternative investment fund firms by providing a central hub where all parties can view information and resources safely and securely.
5. Data Leakage Prevention
An increasing trend is for businesses to look at data leakage and more specifically how they prevent it (or at least monitor it). One such solution that offers businesses this type of auditing and management is Varonis. The Varonis Data Governance suite helps organisations manage and protect their documents, spreadsheets, presentations, media files and other business data that they have saved in various servers, NAS devices and applications. They provide organisations with the ability to update and change user permissions efficiently and effectively and the moderating system can see who has opened, deleted, modified, saved or altered any files so that it can alert your organisation to data that may be at risk of misuse.
6. Archiving Email
If you are using Microsoft Exchange or Office 365 you have the option to enable a feature that allows you to keep a duplicate of any emails sent or received by personnel. The system will monitor your email systems and be on the lookout for any odd or malicious behavior and that could be the the very thing that stands between you and a shed load of stolen data.
There are also a number of solutions, such as Mimecast, that offer businesses an enhanced solutions for record keeping and compliance. Your business never needs to put important data at risk due to server issues, storage requirements, or mailbox constraints.
7. Check Your Printer
With flexible working hours becoming more fundamental every day, some of your workforce may work late nights or get in before the cleaner every morning and that’s a lot of unsupervised time in the office. There are a number of solutions, based around secure print technology available which look out for irregularities in print behavior and give you the ability to audit print logs. You can trigger alerts, view print requests and examine print-outs if you suspect any erroneous behavior from any employees.
8. Lockdown your USB Drives (and encrypt them!)
When your entire workforce are able to copy data to or from removable USB drives it can create some pretty high data leakage issues not mention a risk of infection from malware and spyware. There are a number of solutions that can manage and eliminate these types of risk, such as Safend Protector and Auditor that can offer solutions to simply block USB ports or only allow certain devices access as and when the business determines necessary.
Another key factor that is often ignored is the fact that USB drives and memory sticks are generally unencrypted. By simply plugging them into a laptop or PC, that potentially safe data is made accessible to anyone that has it in their possession. Any business that values its data (that’s you!) should have policies around the use of USB devices and should encrypt the data stored on them to manage the risk that these small freely available devices offer.
We live in an exciting world where technological advancements and breakthroughs are made on virtually a daily basis, but unfortunately these walk hand in hand with increasing and more advanced electronic threats and risks to your business. These simple tips are just a few suggestions on how you can make your current security plan a little healthier but our main tip would be to not let your procedures become stale, review your security plan regularly to encompass new technologies the business may implement and be proactive when looking to protect your data.
If you would like some assistance implementing any of these security measures, then please do not hesitate to get in touch.