
Safeguard your Business Against a Data Breach
All businesses, large and small, should be aware of data breaches and take steps to guard their customer data and business files against them.
Statistics show that in 2017 alone data breaches cost UK businesses a staggering £2.48 million!
Any business that holds customer data needs to take adequate steps to secure the records it stores, be they printed records in archives or records stored on a computer system, network or online. Even records stored on disks, portable drives or USB drives need to be encrypted if they are taken off the premises or moved between different office locations.
Every business has a duty to protect customers' personal data:
Article 5(1)(f) of the GDPR Guidelines states that all personal data shall be:
“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)”
Recent high-profile cases show that even large organisations that spend millions on data security can leave themselves open to cyber-attacks. In 2013, 3 billion Yahoo user accounts were compromised when personal data was hacked, making it the biggest data breach of all time. Other examples include multimillion-dollar organisations such as Wonga, Deloitte and Sony PlayStation, where customers have also had their data compromised at the hands of hackers.
Sometimes it’s as simple as an administrator account being left open. Other times it is a bug in the anti-virus software that is targeted. Luckily, there are simple tactics you can implement in your office to avoid a potential data breach…
You’ll be surprised to realise that one of the major threats to security is actually from current or former employees. It’s essential that existing staff have access to:
• Information on how to handle company data – both digital and paper records
• A relevant and up-to-date security policy for the company, and details of where the document is stored
• Instructions on what to do if they think the data has been compromised and how to identify a risk, e.g. phishing emails
• The steps to take in the event of an attack and who to inform
It’s also paramount that all employees leaving the business hand in laptops, phones and other portable devices prior to exiting.
Your business can also protect data by limiting who has access to particular files within the office. You can password-protect documents or give employees access to just the folders they require to carry out their daily tasks.
Managing the types of websites staff can access at work is also good working practice. Not giving employees access to personal emails when at work or blocking certain websites that are not relevant or could compromise security is a good way to start.
Using cloud storage is also a secure way of maintaining your data. There’s no need to back up company data by removing disks or tapes from the premises. The servers are managed off site, encrypted and kept secure by an external company that monitors the security on a regular basis.
Securely lock away all your important files in appropriate filing cabinets. Better still, scan and save archived documents and shred anything that is out of date or not required as a physical document any longer. Ensure anything that does need to be shredded is secured in a lockable container to avoid it being recovered.
For more information see:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/