Keeping business, employee and customer data secure has never been more important. The Government estimates that 4 in 10 UK businesses suffered an attack or breach between 2017 and 2018. With new regulations from GDPR, and the existing Data Protection Act, the potential implications for businesses not adhering could be incredibly damaging, meaning that data protection should be one of the major considerations for your business.
GDPR
Since the EU introduced the General Data Protection Regulation in 2018, consumers have been given much more information and power over how their data is held and processed by companies. GDPR includes a fine of €20 million or 4% of annual global turnover (whichever is higher) if a business is found in breach of the term.
You can find information from the ICO about how to be GDPR compliant here
Antivirus
It can seem like it’s just there to slow down your computer and annoy you with pop ups every now and then, but antivirus software is important to keep your computer and network safe. There are many different offerings available, from paid suites such as Norton and McAfee, and alternatives such as AVG and Avast, which operate on a ‘freemium’ basis, meaning that they operate for free, but have some features behind a paywall. Having a good antivirus suite protects you from viruses which may seek to obtain personal information from your systems, and often provide useful tools such as firewalls, which block unauthorised access.
Update
Keeping your software up to date is an overlooked, but important step to keep your company data secure. The WannaCry ransomware attack which affected the NHS amongst others was largely a result of the organisation using the outdated Windows XP operating system, which Windows hasn’t supported with patches since 2014. Software developers routinely release new updates for their software throughout its lifetimes. These not only introduce new features but are also patches to fix security bugs which may leave a system vulnerable to attack.
Setting your systems to automatically download software updates can help you to keep your systems protected.
Insider Threat
Insider threat is the risk that employees at your business have on cyber security. Covering both intentional attacks and unintentional mistakes, employees pose a significant risk to the integrity of digital data in your business.
What is commonly known as BYOD, bring your own device, is also a risk to the integrity of your data security, since it introduces a system out of the control of the business. The best way to combat BYOD and other non-deliberate insider threat is to introduce a culture of data protection throughout your business. Training your employees to adopt good cyber security as part of their routine can help you raise awareness of how important protecting your business’s computer systems is.
Password
Is your password Password12345 or qwerty? If so, you have a weak password! Compromised passwords accounted for 4 out of 5 data breaches according to Centrify. In order to ensure that company data is kept secure, it’s advisable to create strong passwords, which you only use for one service.
Encryption
Encryption is an important part of data security. As a method of rendering data unusable outside of your network, encryption works by turning plain text into an incomprehensible file. There are many tools available that allow you to encrypt anything from emails to USB sticks.
Paper Shredding
Whilst a lot of data is now held online, a significant amount still exists in paperwork. Any personal information should be shredded so that it isn’t readable anymore. Studies have suggested that 48% of households had thrown out all the information that would be required for identity theft, with 46% throwing away paperwork with their full bank account details. Whilst the vast majority of information theft is now online, you are still accountable for personal information your business places in the bin under Data protection law.
Keeping data safe can not only help keep your business legal, but it is great for maintaining a positive public perception about your company. A data leak can be a PR disaster. The credit bureau Equifax suffered a significant data attack, exposing 145.5 million consumers personal data. Equifax was able to mitigate some of the damage with a fast response, offering free credit monitoring for a year, but in 2017 54.2% of Americans believed that Equifax should no longer be allowed to serve as a credit bureau. Maintaining good data security then is essential should the worst occur.
