Posted on Jan 08, 2019
Since the introduction of GDPR last year, it’s more important than ever that all businesses, big or small, take steps to keep their online activity safe and secure and to prevent data breaches.
Use secure passwords
The first step to keeping any account secure is to use complicated passwords. Passwords are classed as ‘strong’ when they include a combination of upper and lower case letters, numbers, and special characters. Avoid obvious passwords or a password that is related to you personally or your business, such as names, addresses or significant dates.
It’s also wise to use different passwords for different accounts. This means that if you are hacked or have a breach, attackers will struggle to access all of your accounts, which will minimise damage and data losses.
Keep your accounts secure
On top of creating high-strength passwords, if you’re a business, you also need to keep track of employees who leave the company and ensure their accounts are successfully closed down. It is important to prevent them from accessing personal or sensitive data when they are no longer a company employee.
Portable USB Drives
Avoid putting personal or sensitive information onto a portable USB drive or memory stick. If you use it on a different computer, leave your USB stick behind somewhere or lose it, you’ve left yourself open to a data breach. If it is completely necessary to have your data stored in a portable format, make sure the memory stick is encrypted with a strong password so that, in the event that it goes missing, your data is protected.
Minimise the data you hold
Review how you collect data
Nominate a Data Protection Officer (DPO)
Designate someone within your company to be your DPO. This is someone who will take responsibility for data protection compliance within your organisation and ensure that all employees are adhering to the data protection policies. You should also ensure that you have steps in place in the event of a breach, including processes to identify, report and investigate a data leak. To reduce bias, your DPO should be someone who doesn’t have a vested interest in the data the company collects.
Educate staff on cyber security
Make sure all of your staff are aware of the consequences of a data breach. Everyone needs to be aware of the GDPR policies, no matter what their job role. This should minimise data losses caused by human error. It is also important to document staff training on data protection so that, in the event of a data breach, you can reference all attempts that you have made to protect data.
If you’re a business looking for no-cost training on data protection and data security for your staff, get in touch with a member of our team. Our Level 2 qualification in Data Protection and Data Security will give your staff the skills and knowledge to handle data with confidence.
For more information, contact firstname.lastname@example.org or call us on 01388 471 336.