Data breaches have, unfortunately, become commonplace, despite causing great direct financial harm and having the potential to tarnish the image of the company. In the post-GDPR world, you also open yourself up to lawsuits from affected individuals in what is probably a desperate bid from the lawmakers to help reduce the number of breaches.
You might feel that the best way of securing your data is to invest in top-of-the-line software and equipment. There’s something to it, yes, but over half of organisations have had a security breach that was a result of employee negligence.
It’s a clear indicator that employee education can go a long way, and good practices can mitigate at least some of the risks. We aren’t talking about measures that require IT experts to enact – that’s why these tips can help you right away.
1. Clean Your Desk
Clutter-free desks confer not only aesthetic but also security benefits. Even in the age of digital data storage, plenty of documents are still printed out and distributed in paper form. Some of these may be confidential or contain personal data.
So, what’s one to do with it? Certainly not place it on the desk and bolt for lunch, leaving it in plain sight for everyone to see. This is how information leaks happen, and curiosity can get the best of even the most well-meaning employees.
The solution? Stow your files away from plain sight, in locked drawers or at least under your desk. There’s much less of a chance the documents will get accidentally lost or read.
2. Logging Off is Essential
Logging off whenever you or your employees aren’t at your workstations is a good practice that doesn’t take much effort. Besides keeping work-related information on the computer safe from prying eyes, any personal data the employees could have on the PC is similarly protected. (Cluttered desktops, anyone?)
BYOD and CYOD policies do not suffer from ‘log-off’ forgetfulness, and people tend to take greater care over the devices they have selected and own. (They bring a host of other issues, though.)
You will also save electricity by mandating that computers be turned off after work. If they are password-protected, you can be reasonably sure your data is safe. Of course, this basic-level security is a joke for anyone with malicious intent, but workstations should not contain sensitive data anyway. Remember, plenty of breaches occur inadvertently, without ill intentions – this is what we are trying to avoid.
3. Shred It
Tossing the papers in the bin is perfectly fine – unless they contain personal or sensitive information. If you deem that unauthorised access to this information would put someone’s data at risk, you should dispose of the material in a responsible manner.
Paper shredders are a worthwhile investment thanks to their low cost, ease of use, and portability. They are simple to use and don’t create much mess, while adding another layer of basic security. We say basic because these pieces can still be recovered, so critical data should be handled in a different manner, likely by hiring dedicated data destruction professionals.
CDs, DVDs and magnetic tapes can also be destroyed in this fashion, but usually not in ordinary paper shredders. Some producers market ‘combo’ devices that can handle all these media along with paper. Safe destruction is the end step in your data processing operations, but it is extremely important. You will receive erasure requests that you’ll have to comply with, and delete data at the end of retention periods. Remember, the GDPR does not allow you to store data indefinitely. You must delete irrelevant data.
4. Lock It
Where do you go with all the papers moved from the desk according to tip #1? Well, sensitive and important data should be stored properly. Security cabinets should be a mainstay of every company. Control who has the keys, and you’re saving yourself from a lot of headaches.
Consider purchasing lockable office furniture for safer storage of day-to-day data. Advanced solutions consist of keypad coded locks that also keep access timestamps. These are enticing solutions for sensitive company and personal data.
What about laptops and computers? They can be hauled away as well and their data misused. Avoid this by installing Kensington locks for laptops. Lock away all the tablets and unused phones, as well as USB thumb drives and other portable storage. No matter the cause for data breach, it is ultimately your responsibility.
5. Don’t Write It
Password security doesn’t mean much if you can find the password on a post-it note behind the computer screen. Avoid this basic form of ‘password management’ at all costs. It is extremely insecure and defeats the purpose of passwords. Implementing a sound password management policy, possibly utilising a single sign-on system, is a good choice. It takes time to set up, though.
In the meantime – and later on – you can set up password managers that require your employees to remember a single password, while others are safely stored within the application.
These simple tips can help your company plug the most obvious ‘leaks’ that can cause a data breach. They will significantly increase your data security at a minimal cost. Most of your efforts will be focused on employee education, which is always a sound investment. It’s a fantastic way of ensuring GDPR compliance during the entire data lifecycle.