Data Protection: Tips to stay secure online

Posted on Jan 08, 2019

Since the introduction of GDPR last year, it’s more important than ever that all businesses, big or small, are taking steps to keep their online activity safe and secure and prevent data breaches.

Use secure passwords

The first step to keeping any account secure is to use strong passwords. Passwords are classed as ‘strong’ when they include a combination of upper and lower case letters, numbers, and special characters. Avoid obvious passwords and anything related to you personally or to your business, such as names, addresses or significant dates.

It’s also wise to use a different password for each account. If one account is hacked or its password is exposed in a breach, attackers will then struggle to get into your other accounts, which minimises the damage and the data lost.
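As an added illustration of the password advice above (example code written for this page, not part of the original post), the check below applies the two rules the post gives: all four character classes must be present, and the password must not contain names, business names or significant dates. The minimum length of 12, the small leetspeak substitution table, and the sample names and dates are constructed assumptions; the post itself states no length.

```python
import re
from datetime import date

# Assumption: the post gives no minimum length, so 12 is used here as a baseline.
MIN_LENGTH = 12

# Rough leetspeak unfolding (assumed table) so that "J0hn$m1th" still matches "John Smith".
LEET_MAP = str.maketrans("0134578@$", "oieastbas")


def character_classes(password: str) -> dict:
    """Report which of the four character classes the post lists are present."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }


def _alnum(text: str) -> str:
    """Lower-case and keep only letters and digits ("Acme Widgets" -> "acmewidgets")."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _deleet(text: str) -> str:
    """Lower-case, undo common digit/symbol substitutions, then strip separators."""
    return _alnum(text.lower().translate(LEET_MAP))


def _date_fragments(d: date):
    """Common ways a significant date ends up inside a password (year alone included)."""
    yield str(d.year)
    yield f"{d.day:02d}{d.month:02d}"
    yield f"{d.day:02d}{d.month:02d}{d.year}"
    yield f"{d.day:02d}{d.month:02d}{d.year % 100:02d}"
    yield f"{d.year}{d.month:02d}{d.day:02d}"


def check_password(password: str, personal_terms=(), significant_dates=()) -> list:
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    missing = [name for name, present in character_classes(password).items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Names, business names, addresses: compare after folding case, separators and leetspeak.
    folded = _deleet(password)
    for term in personal_terms:
        t = _alnum(term)
        if len(t) >= 3 and t in folded:
            problems.append(f"contains personal or business term '{term}'")

    # Dates: compare digits as typed, without leetspeak folding.
    plain = _alnum(password)
    for d in significant_dates:
        if any(frag in plain for frag in _date_fragments(d)):
            problems.append(f"contains significant date {d.isoformat()}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    terms = ["Acme Widgets", "John Smith"]
    dates = [date(2019, 1, 8), date(1988, 4, 27)]
    for candidate in ["P@ssw0rd", "Acme-Widgets2019!", "J0hn$m1th-19880427x", "Tr0ub4dor&3xample!Q"]:
        print(candidate, "->", check_password(candidate, terms, dates) or "OK")
```

The check is a rejection filter for the obvious choices the post warns against; it does not replace screening candidates against known-breached password lists or issuing unique passwords from a password manager, which is what makes the one-password-per-account advice practical.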

Keep your accounts secure

On top of creating high strength passwords, if you’re a business you also need to keep track of employees who leave the company and make sure their accounts are closed down. This prevents them from accessing personal or sensitive data once they are no longer a company employee.

Portable USB Drives

Avoid putting personal or sensitive information onto a portable USB drive or memory stick. If you plug it into a different computer, leave it behind somewhere or lose it, you’ve left yourself open to a data breach. If it is absolutely necessary to store your data in a portable format, make sure the memory stick is encrypted and protected with a strong password, so that your data stays protected if it goes missing.

Minimise the data you hold

As part of GDPR, organisations should only hold ‘necessary’ data. So if you don’t need a customer postcode, don’t ask for it. Any data which is no longer required should be erased in line with the correct procedures outlined in your privacy policy. It is also useful to regularly ‘cleanse’ the data you hold to ensure that you are only holding accurate and necessary information. If you don’t have a privacy policy, this advice from the Information Commissioner's Office has a list of everything you should include.

Review how you collect data

It’s useful to consider how you collect data in the first place. There are a few things to take into consideration, including whether you have consent to manage personal data and what the lawful basis for the processing activity is; this should also be documented in your privacy policy.

Nominate a Data Protection Officer (DPO)

Designate someone within your company to be your DPO. This is the person who takes responsibility for data protection compliance within your organisation and ensures that all employees are adhering to the data protection policies. You should also have steps in place in the event of a breach, including processes to identify, report and investigate a data leak. To reduce bias, your DPO should be someone who doesn’t have a vested interest in the data the company collects.

Educate staff on cyber security

Make sure all of your staff are aware of the consequences of a data breach. Everyone needs to be aware of the GDPR policies, whatever their job role. This should minimise data losses caused by human error. It is also important to document staff training on data protection, so that in the event of a data breach you can evidence the steps you have taken to protect data.

If you’re a business looking for no-cost training on data protection and data security for your staff, get in touch with a member of our team. Our Level 2 qualification in Data Protection and Data Security will give your staff the skills and knowledge to handle data with confidence.

For more information, contact us or call us on 01388 471 336.
