Five simple IT security steps that all businesses should follow

Natural disasters are forecast to cost a whopping $100 billion (£66 billion) in 2014. But their cost is dwarfed by the $364 billion (£240 billion) lost to data breaches, according to Microsoft and the National University of Singapore.

Last year, widely circulated pictures from the iCloud and SnapSave leaks proved that cybercrime is not just a threat to nation states any more. The devastating attack on Sony has emphasised the very real consequences of a data breach for businesses as well.

It seems businesses are increasingly aware of the risks. According to recent Tresorit research, 77 per cent of survey respondents believe data is now harder to protect than two years ago.

Surprisingly, they don’t cite headline-grabbing hackers as their main concern, but rather unsecure data sharing practices. Additional research also indicates that the worst dangers to business data are located inside the corporate perimeter.

PwC found that the majority (65 per cent) of breaches are now the result of employee mistakes and malicious insiders, with service providers and contractors contributing to 33 per cent of breaches.

So how can employee collaboration be the cause of so many breaches? Employees now have the ability to access and share increasing amounts of private and confidential data, but as we’ve found in our recent research, they use cloud services they consider insecure (such as Dropbox) to do so.

If you use one of the insecure cloud services to store data, your data will be visible in their servers in the cloud. This lack of so called end-to-end encryption means they have access to your files, and your data has the potential to be compromised.

Once data is downloaded from the cloud to a device, it is even more exposed. Cloud solutions rarely provide control over shared documents, making it difficult to correct mistakes or revise access once a business changes suppliers or an employee leaves a company.

But it doesn’t have to be this way. We propose a simple but effective 5 step process to improve your cyber-security stance in as little as week:

1. Get the lay of the land - survey what data you store, who has access to it and rank it by sensitivity.

2. Define roles and permissions - define who should access what types of data and for how long.

3. Consider zero-knowledge - an increasing number of services provide end-to-end encryption for chat, email or file sharing. These can ensure your data is much harder to hack or leak with added layers of protection.

4. Secure your data - Find a service that ensures control over files programmatically, even after sharing. Digital Rights Management is one possible solution, embedding security directly into data.

5. Control access - based on your earlier research, enable the necessary level of access to employees, business partners and clients.

Istvan Lam is CEO and founder of cloud storage firm Tresorit.