Data is becoming one of the most valuable resources on the planet, in part, because of the criticality of the information it contains on business operations. Data security is a key driver for businesses, which is why we take protecting our client data seriously.
We implement various steps to keep our client’s data safe and secure, here’s how:
9 Ways We Implement Data Security at Talent Formula
1. Devices are for business use only
There are security controls and policies in place to ensure Talent Formula’s computer systems can only be used for the company’s business and not for personal activities. We have controls in place to prevent devices from being accessed by unauthorised individuals or organisations. Unauthorised use of systems may constitute a violation of the company’s policies and may result in termination.
2. By developing a security-driven culture from the start
To ensure the security of all data and customer data, our staff must be formally authorised and onboarded by the company’s IT Admin Department on their start date. We also have policies and security controls in place to ensure authorised users take all necessary precautions to protect the confidentiality of Talent Formula’s customer information. So, these controls all begin from their start date.
3. Using a secure VPN to access client data
User laptops are configured with customer-provided VPNs or other encrypted access methods for a secure connection to the customer’s systems.
VPNs and other encrypted connections make it significantly harder for attackers to access sensitive information via ‘man-in-the-middle’ attacks.
4. Implementing end-user firewall and endpoint protection
All laptops we use have SentinelOne anti-virus software installed, updated, and running. This software is designed to protect laptops from ransomware and other malware threats and cannot be disabled by any user.
SentinelOne also recognises the behaviour of potential attacks and will lock the computer from all network access if suspicious behaviour is detected. When this happens our IT team will not unlock the device until it’s determined to be safe.
While in the office, all devices are protected by a next-generation enterprise-grade Sophos firewall. If working outside of the office, the windows firewall is enabled and set to block all incoming connections.
5. Using device encryption
All end-user devices owned by Talent Formula have their hard drives encrypted at all times using Microsoft BitLocker. This prevents access to any data stored on the device if it is lost or stolen.
6. Prioritising paperless solutions
Wherever possible we aim for paperless solutions which both reduce environmental impact and decrease the chance of data being lost or stolen as there are no paper records with client data. Staff are also provided with dual monitors to allow the review of multiple documents at once.
7. Don’t discount physical office security
The office has a secure, private, dedicated internet connection and provides features such as fire detection and 24/7 monitored CCTV. There are three stages of security checks in place to prevent trespassers including the main entrance gate, a reception check-in, and a third check-in at the main door of our office.
There’s also a phone-based access control application that allows staff to securely enter the building as well as RFID tags for all staff working from the office to enter the office and clock in and clock out.
8. Providing end-user support
We have a dedicated helpdesk team in place allowing the team to log any security issues or concerns they come across with both local machines and the office network.
The team also maintains the network and end-user devices keeping them up to date with the latest security patches. They also monitor for any unusual activity or issues that may affect the security of staff or company data.
9. Securing client system access
All users are assigned access to client servers or systems, and these have a separate, unique username and password combination. Passwords are a minimum of 10 characters long, secure, and not used on any other system or software. Plus, we use multi-factor authentication for all users who log in to servers where possible.
If you have any specific questions about the IT controls and security policies in place at Talent Formula, please contact the chief operating officer Kranthi at [email protected].