Have you ever encountered a sales person who travels from place to place with a pre-built list of potential contacts on a USB stick? or ever heard a story of confidential information being thrown out in bin bags? Chances are you have encountered both. Data protection is a hot topic, our personal information is required for more and more reasons, from social sites to gaming, insurance quotes to medical assistance. The EU and UK Government are taking a tougher stance on ensuring companies comply with data breaches with the ICO (Information Commissioners Office) dishing out fines and punishments.
To help you ensure that you can mitigate your risks, we have compiled a list of actions you can take.
- Confidential Paper Waste.
It is imperative that any paper waste is shredded securely.For those that have watched the Film Fargo, paper shreds can be pieced together, so it is important to use a quality grade shredder that complies to the requirements of any regulations you may have to adhere to. There are multiple standards for shredding waste ranging from P-1 ,12mm but any strip width to the very secure P-7 less than <5mm and <1mm in width. There are a number of options for physical onsite shredders from companies like Rexel, and many opt to use secure shredding organisations to ensure waste is properly destroyed.
- Prevent Physical Access.
Devices that contain data like laptops and desktops can be locked down to deter the physical removal from the site.In addition, any USB drives or devices should be locked in secure draws when not in use. You can also control access to these to ensure risks are minimised.
- Use Two Factor Authentication.
Two factor authentication (2FA) is just that. No access can be granted to the data without two security elements being correct. A good example would be online banking which normally requires the bank cards pin being recognised by login device and a synchronised code being input into the banking portal. This provides a robust security layer for your data.
- Encrypt Your Data
Encrypting your data helps protect the privacy and security of any files that may be transmitted from your computers. Encryption standards vary and can be applied to mobile devices, compute devices, flash drives, storage devices and email.
- Intrusion Prevention, Viruses and Malware.
By investing in managed Antivirus which is always on and updated to cover the latest threats can prevent any malicious activities on your computers and mobile devices. Do not open any email that is not from a trusted source or appear a little dodgy. Always better to air on the side of caution.
- Ensure Software and OS Systems are up to date.
Always ensure that your software and operating system are updated, these updates protect against new threats and any vulnerabilities that manufacturers may discover. A recent example would be the critical update of Adobe flash, which previously, had allowed hackers to take over computers.
- Endpoint Protection.
Endpoint protection helps you to protect data and will prevent the salesmen walking or emailing your client list to your competitor. This solution can set policies locking down USB ports and prevent emails being sent with certain data files/types. When anyone attempts to remove the data, notifications can be sent to a nominated administrator for further investigation.
- Education and Awareness.
Not every data breech is malicious, and many are down to employees being careless. Spend time with your teams educating them on the rules around data and best practice. A little investment early on with staff could prevent a hefty fine later.
If you would like more advice on how to protect your business and mitigate risk of data loss please contact our team on 020 7043 1291 or visit our Services page