General data protection tips
Any organisation is going to have information that should remain private. Whether it is the personal information of employees, client lists or something similar, data security is of vital importance.
Let's discuss a few tips for your organisation to keep your data secure.
Keep it offline
As a rule, if there is no value or benefit in having a piece of private information online, keep it offline.
Even if ransomware (or other malware) makes it onto your network through the internet, information that isn’t there can’t be stolen.
There are many benefits of having information on your network, so you should address the management and handling of sensitive data in your cyber security policy and create procedures accordingly.
For example, if you have client data spanning several years (say 2015 – 2020) on your network, consider storing only the current year's data (say 2020) on your network and moving data from previous years (say 2015 – 2019) to an offline location.
Combine education and technology
You’d think that security breaches would be initiated by internal employees or external parties seeking financial gain or revenge.
In fact (see https://www.egress.com/en-us/news/2020-outbound-email-security-report), the causes of the most serious breach incidents were mostly employees being tired or stressed, resulting in staff:
- unknowingly replying to spear-phishing emails (80%)
- sending emails to the wrong recipients (80%)
- attaching the incorrect file (80%)
This needs to be mitigated using a combination of training and/or education and cutting-edge security technology. To future-proof your business, you need to support and protect staff against security risks with technology that adapts to arising pressures and stops them from making simple mistakes in the first place.
Another rule you should consider is restricting access rights to information. It is unlikely that every employee in your organisation needs access to all data on your network. Give each department only the access rights it needs; that way, the risk of data leaks is reduced.
For example: Employees' personal information should only be accessible by managers upon request, and requests should be handled by HR/payroll personnel.
In general, keeping extra-sensitive information offline, educating employees, using cutting-edge technology, and managing access rights are important steps to protect data.
G2IT can assist you with the design and implementation of effective cyber security solutions, so you can concentrate on running your business.