Protect your data on the first Data Protection Day since the General Data Protection Regulation (GDPR) came into effect. Awareness of how to properly safeguard data is therefore heightened this year.
On this Data Protection Day, Neuways has compiled 10 top tips to help keep your data safe:
1) Review your data protection policies
The cost of non-compliance is now enormous, and with the European Union treating GDPR with the utmost importance, as demonstrated by Google’s recent £44m fine, it is time to review your existing data security policies.
A strong information security (InfoSec) policy is a vital step in protecting your data. The SANS Security Policy Template is a free checklist resource which can help you secure your business network, servers, devices, and software.
2) Two-factor authentication
Consider using two-factor authentication for your business logins. By incorporating multiple layers of security, your critical data is far more secure. Credentials such as passwords and email addresses can be stolen, but if you enable two-factor authentication to send a code to your mobile device, you can prevent unauthorised access.
3) Consider a Data Detox
Data is everywhere – the average user of the internet unknowingly signs up to approximately 150 accounts. The Data Detox Kit, first produced in 2017, is an excellent tool for tracking your digital footprint across the web. As an end user, you are responsible for your internet usage, so consider a data detox to review the various permissions across your devices and equip yourself with knowledge of what major companies do with your personal data.
4) Make sure your backup solutions are water-tight
Review your business continuity and disaster recovery solutions. It is recommended that you deploy backup solutions both locally and in the Cloud, ensuring that if your data is breached, you have options for restoring your critical business operations.
5) Dispose of paper data responsibly
Protect your data, even if it is on paper! Looking after paper data is straightforward, but is often forgotten! Try not to write down passwords or sensitive information on Post-its or loose paper and consider using a business-grade shredder to destroy confidential business data. You wouldn’t tell a colleague your login credentials, so don’t inadvertently deliver them into the hands of criminals.
6) Be vigilant with your business partners’ data breaches
Working as part of a complex supply chain, your business is at risk of compromise if your business partners are not as proactive with their data security. If an organisation you work with suffers a data breach, change your passwords and ensure your cyber security defences are functioning as intended.
7) Review your passwords
With users signed up to numerous individual services, it can be tempting to use a single password for every login. But with weak or stolen passwords used in 95 percent of web application attacks, this is not a secure method.
A password manager is worth considering as a solution, allowing you to create lengthy, unique passwords without the burden of needing to remember them all. A good password manager will auto-generate new passwords periodically, help spot phishing sites, and sync your passwords across multiple devices.
8) Protect your mobile devices
Smartphones and tablets are now business-ready, so it is essential to employ best practices when using mobile devices for business purposes:
- Consider using a reputable mobile security app;
- Encrypt your device;
- Disable WiFi and Bluetooth when not required;
- Regularly back up to the Cloud and enable remote data wipe if available; and
- Use a PIN, password, or screen lock. Many mobiles now use fingerprint recognition too.
9) Learn how to identify phishing attempts
Phishing, the impersonation of a trusted website or email correspondent, is the number one method to steal business credentials. Low risk and high reward, phishing is the quickest way for a cyber criminal to gain access to your data. Prepare with IT awareness training to make sure that your employees do not fall victim to a phishing attack.
10) Keep your software and devices up to date
The easiest way to protect your organisation is to make sure that every single device and all your software are kept up to date. These updates often include security patches issued in response to the latest cyber criminal methods.