Data security is always a hot topic, but with the General Data Protection Regulation (GDPR) coming into effect in May 2018, it’s especially talked about at the moment. Between the increasing number of high-profile data breaches and the endless media scrutiny of the data industry, it’s hard to avoid a discussion revolving around data security. It’s important that your business has as many controls as possible to try to reduce your risk. These controls are split into two main categories: technical controls and procedural controls. Take a look below at the steps you can take to try to keep your data as safe as possible.
In order to protect your data, you should start by deploying technical controls across your business. These technical controls vary in complexity, but they offer a level of protection to your systems and the data held within them that can help prevent data breaches.
Whenever data is involved, it’s best to have some form of encryption on your systems. Whether you encrypt the data itself or encrypt the machines that the data is held on, it doesn’t matter – encryption is the first and last line of defence. By using encryption, you can ensure that your data will remain unreadable and safe, even if accessed by a malicious actor. Encryption is the best way to ensure private files stay private.
Encrypt Data Transfers
There’s another side of encryption that you should employ as a business, and that is during data transfers. You should aim to use Hypertext Transfer Protocol Secure (HTTPS) or Secure File Transfer Protocol (SFTP) for file transfers to ensure data is protected during transit. Whether you are sending to a colleague within the business or to a client outside of the business, encrypting data will help to protect it.
Access to systems holding sensitive data should be restricted to those who need it. If only a handful of people have access to the data, it’s easier to protect and also easier to pinpoint the source of any data breach.
Keep Software Up To Date
Most businesses have anti-virus and anti-spyware software in place, but they forget or neglect to make sure they have the latest versions or latest updates, which can open them up to all sorts of data security breaches. Keep your software up to date so that you’re not leaving yourself unprotected.
Isolate/Segregate Sensitive Data
Keep sensitive information on as few computers or servers as possible, and be sure to segregate it from the rest of your data and network. Ensure that any unnecessary copies are securely deleted, as the fewer copies of data you have, the easier it is to protect.
Save Yourself The Time And Money
I hope these tips come in handy for you and that you take a moment to learn how to better protect your data, sensitive or not. When you look at the big picture, the bottom line is: it’s much more expensive to fix a breach than to prevent one. Most of the time, you can prevent data security breaches by practising safe tech, as outlined in the tips above.
Deploying the best controls on your systems acts as a defence that system hackers have trouble penetrating. However, these controls mean nothing if you haven’t got your procedural controls in order. What people always forget is that data security starts with you.
There are a number of procedural controls you can put in place to help protect your data, and these types of controls involve you and your employees.
Train Your Staff
Our number one tip will always be to train your staff! Once your staff are trained, they know what is expected of them, and information security will be at the forefront of the decisions they make. Make sure your staff are aware of the dangers involved in their role and what policies you have in place to mitigate these dangers, such as password policies or Bring Your Own Device (BYOD) policies.
Data Transfer Policy
One thing we’ve seen happen over and over again is staff thinking they can transfer data using emails because they think it is secure. Email is, by nature, unsafe. Emails can be sent to incorrect recipients or be intercepted, and both of these constitute a data breach. Every company should have a transfer policy in place and staff should be trained on it.
You should have strong password requirements on your systems and this should be reinforced by good staff training around complex passwords and their benefits. Use of different characters, a mix of upper and lower case and numbers – whatever it is, a strong password is a better defence than a weak one.
Train Your Staff
I’m not sure if I’ve mentioned this, but our top tip is to train your staff! This is so important. You can have every documented procedure, every control or every safety measure in place but they mean nothing if your staff don’t understand, know or care about them. In 2015, 60% of all attacks were carried out by insiders, both malicious and accidental. Don’t put yourself at risk.
So there are my top tips – as you may have noticed, the theme to this blog post is to TRAIN TRAIN TRAIN your staff! It’s so vital and it has been proven over and over again that a lack of training can cause some of the biggest data breaches. The American department store Target, for example, was brought down by a phishing email opened by a member of staff. Sony has also been a victim of phishing in the past.
Data security starts with you!
If you would like any more information, please comment below or get in touch. Although cybercrime is on the rise, you can put your trust in us – take a look at how. We’re an ISO 27001 accredited business, which means that we follow information security best practice, and deliver an independent, expert assessment of whether your data is adequately protected. Get in touch to find out how we can help you to achieve sophistication with not only your data security, but also your email marketing.