Companies must consider the implications of using free communications services (such as email and data hosting) on their data privacy.
Network Box offers IT managers steps to follow to ensure that company data is kept private:
1. Select a browser and keep up to date with all vulnerabilities, updates and functionality associated with that browser so the correct risk assessment of threats can be made.
2. Only allow approved browsers to be used on any work computer, whether in the office or at home.
3. Make sure users understand what they’re signing up to when they use Internet services.
4. If you have a free email or document storage provider, you may be sacrificing some privacy rights. If you feel uncomfortable about this, find out whether you can opt out of targeted advertising, or avoid these services.
5. Be careful about what data you store on these services as some countries have regulations about where data may be stored geographically (Germany is an example).
6. Set work computers to disable third-party cookies (note: most browsers will accept all cookies as the default option).
7. Ensure security systems are up to date and you have a layered security approach.
8. Check applications for vulnerabilities (such as SQL injection).
9. Ensure employees don’t use personal email accounts for work purposes.
10. Ensure employees delete browsing history regularly and clear cached information stored on computers.
11. Send out reminders to employees to change passwords regularly, and make sure the passwords are robust. Recommend that they don’t use the “remember me” feature when logging in to secure sites.
12. Be aware: make sure employees understand security risks, and avoid becoming victims of phishing attacks.
Simon Heron, internet security analyst for Network Box, says: “There is no doubt that service providers take data privacy very seriously. But there is a trade-off for using free services that some people simply aren’t aware of: in return for a free service, there is a compromise on privacy. Free mail services use automated systems to ‘read’ information within emails, in order to provide similar targeting services to advertisers. The technology to do this isn’t vastly different from scanning an email to ensure it doesn’t contain malware, but the difference comes with what the system does with the information it reads. Profiling information is often stored and used to target users for advertising. The concern is if this profiling information got into the wrong hands, it could be used for less benign activity.”