
A Short Guide to Data Security Practices for Your Business

August 28, 2017 | December 13th, 2017 | Security

Much has been said about data security practices and cybersecurity measures that businesses should follow. All the information and recommendations out there can be confusing and overwhelming. Large data breaches and multiple scary ransomware attacks have dominated the news for years now. Each time businesses have to ask, “Should we be worried? Are we a target? What can we do to defend ourselves?” So here’s a short beginner’s guide on keeping your data safe and your risks low.

#1 Don’t ask for information you don’t need

Don’t ask for and don’t hold confidential information “just because”. If you don’t store Personally Identifiable Information (PII) or collect other sensitive, confidential data, you don’t have to worry so much about protecting it. Do you really need to ask for Social Security numbers? Do you need a customer’s full birth date? Ask yourself what is truly appropriate and necessary for each situation. By reducing the amount of unnecessary sensitive information you ask for, you can reduce your risks and your liability in case of a data breach.

#2 Secure your data

There are three questions to address when securing the data you’ve collected.

  • Do you need to keep sensitive data?
  • Is your data shared responsibly?
  • Are you storing data securely?

Do you need to keep it?

First, cyber attackers expect you to keep everything you’ve collected, whether you need to hang on to it or not. Why? Because this sloppy policy is very common and gives attackers an easy goldmine of confidential data to hack and exploit – data that businesses may not even remember they have and need to secure! Disappoint hackers and reduce your security risks right away with a policy to review, assess, and dispose of data regularly. If you don’t have a legitimate business need for confidential information, get rid of it.

  1. Periodically review your stored data. What do you have?
  2. Assess what data you need to maintain. Are you using the data?
  3. Securely dispose of unneeded, unnecessary data.

Do you need to share it?

Second, don’t use confidential information in inappropriate contexts. Don’t overshare. You will need to collect and store sensitive data for some things, such as hiring new employees and maintaining customer accounts. But be aware of what you’re sharing with your vendors, partners, contractors, employees, and customers. Do these audiences need to see all the information, or just a relevant part? Have you combined information in a way that makes people identifiable?

Some tips:

  • Before sharing documents, always review them for Personally Identifiable Information (PII). Remove information such as Social Security numbers, birth dates, and financial information.
  • Delete sensitive information from spreadsheets before sharing them with recipients who should not see that information.
  • Don’t use real documents or real customer files as mockups or samples.

Did you store it securely?

Third: You know what sensitive data you have. You know what you need. You know where it is. But is it secured? One of the best ways to secure data is to strictly control who has access to it.

Not all of your employees need unrestricted access to all your data and confidential information. Grant your users access to only the data they need for their jobs. Restrict administrative access to just a few key, trusted personnel.

For example:

  • Employees who do not use sensitive data gathered during the hiring process should not be able to access those records.
  • Documents with sensitive information should be locked away physically and out of sight with a “clean desk” policy.
  • Shared workstations should have separate password-protected logins for each user.
  • Immediately close and remove user accounts and password-protected logins for former employees.
  • Periodically review all user accounts and permissions to clean up any defunct accounts or unnecessary access.
  • Update your business’s policies and procedures to include security steps, especially when hiring, onboarding, training, and offboarding employees.

Finally, as always, secure your systems and data with strong passwords, a good password storage policy, and multi-factor authentication.

#3 Train your employees to follow data security policies

And finally, do your employees know how to keep your data secure? Are they aware of your data security practices? Can they recognize a phishing scam in their inbox? Do they know what Personally Identifiable Information (PII) is, and how they should and should not use it?

To effectively enforce any data security policies and procedures you put in place, your employees need to be educated. Your employees are the #1 greatest risk to your security, but they can also be your #1 defense against attacks. So train all employees – new, old, part-time, full-time, seasonal, and temps – on the standards and policies you expect them to uphold.

Consider regularly updated online security awareness training for all your employees to help them understand cyber threats and how to recognize and deal with them. You can also go one step further and invest in interactive training with regular tips, phishing attack tests, and more.

But also remember: A culture of good data security practices starts at the top. Managers, supervisors, and leaders in your organization need to demonstrate smart, sensible security measures in order to create a culture of security.

