Dos and Don’ts of Data Protection for Your Company

Dos and Don'ts of Data Protection

According to a survey of over 1,100 professionals across the world, conducted in 2020 by Experian, despite spending more money and time each year on cyber security, companies are also growing more and more worried about data breaches and cyber-attacks.

Source: PurpleSec

The average global cost of a data breach was $3.83 million in 2020, down from $3.92 million in 2019; however, the number of records exposed in breaches rose by 141%, to 37 billion in total.

Data safety is definitely something that your organization should always keep a close eye on, but the fear of potential data breaches, identity theft, or other cyber-attacks should not paralyze you.

This is why we’ve compiled these dos and don’ts of data safety to help protect your business and customer data from online threat actors.

Do: Create Unique and Strong Passwords

The first and often the most important layer of protection between your company's and your customers' data and any hacker is a strong and unique password.

When it comes to passwords, make sure your employees are not reusing the same password for more than one login: each login should have its own unique password.

Passwords should be at least 10-12 characters long and contain upper- and lower-case letters, special characters, and numbers to better withstand password cracking and brute-force attacks.

Don’t: Use Customer Personal Information for any Purpose Other than Intended

If your business collects any personal information from customers, make sure to clearly explain on your website for what exact purpose you are doing so and for how long you keep the data.

Depending on where your business is located (the US or the EU, for instance), you may need a visible opt-out or opt-in on your site so that users can allow or refuse the collection, storage and processing of their data.

Once you no longer need the data for a specific purpose, be sure to permanently delete it.

Do: Use Two-Factor Authentication

While passwords are definitely important for protecting your network and devices, they might not be enough to prevent a hacker from gaining access to them.

So, in addition, have your employees use two-factor authentication (2FA), which adds an extra layer of security to their accounts, such as a verification code sent via SMS.

Don’t: Leave any Data or Personal Information Unattended

With Covid-19, many organizations have switched to remote working in full or in part.

This means more people working from their homes, but also from various public places like cafes, restaurants, parks and so on.

With the greater exposure that comes with public WiFi in these places also comes a greater risk of data breaches and cyber attacks, including Man-in-the-Middle (MitM) attacks, so be sure to educate your employees not to leave their devices unattended and to log off when they are done with the services they are using.

Do: Educate and Train Your Employees in Data Privacy and Security

Speaking of educating employees: data privacy and security is a huge field, and whether they are handling their own data, the organization's or customers' data, your employees should know how to secure it and make sure it doesn't fall into the wrong hands.

For this, your organization must spend time and money to actually educate and train employees in cyber security. This can be done through courses, webinars, training camps, guides, and even "phishing drills", where you send out a fake phishing or scam email and see how well the employees respond to it (or whether they respond at all).

Do: Encrypt Data

Despite your best effort at protecting data, sooner or later, hackers might breach your network and computer system.

If that happens, not all is lost: by encrypting all your important data, you can still make sure they have a damn hard time actually doing anything with the data they got.

There are two types of encryption you can use: symmetric, which uses the same key to encrypt and decrypt data and is therefore faster but less secure, and asymmetric, which uses a public key to encrypt and a private key to decrypt, making it more secure but slower.

Don’t: Reply to Emails Requesting Personal or Financial Information

Scammers will surely try to get personal or financial information out of your staff, so it's important that they are careful about how and when they respond to emails, especially from unknown senders.

One of the first things your employees need to learn about data protection is to double-check who is sending them an email and if it is really the person or organization that it claims to be.

This goes double for any emails that request any kind of sensitive information such as usernames and passwords, bank account information, credit card details, health data, etc.
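The "is it really who it claims to be" check can be partly automated on the mail headers. The Go function below is an added example, not code from the original article: it parses the From and Reply-To headers with the standard net/mail package and reports when the display name claims an address at one domain while the real address sits at another, or when replies are quietly routed to a different domain. SenderWarnings and domainOf are names chosen here, and the sample message in the comment is constructed.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// domainOf returns the lower-cased part after the last "@", or "" if there is none.
func domainOf(addr string) string {
	if i := strings.LastIndex(addr, "@"); i >= 0 {
		return strings.ToLower(addr[i+1:])
	}
	return ""
}

// SenderWarnings parses a raw email and lists header inconsistencies that should
// make the reader double-check who really sent it. Heuristics only: an empty
// list does not prove the message is genuine.
func SenderWarnings(raw string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return nil, fmt.Errorf("unparseable From header: %w", err)
	}
	fromDom := domainOf(from.Address)
	var warns []string
	// Display name that itself looks like an address at another domain, e.g. the
	// constructed header: From: "it-support@corp.example" <promo123@free-mail.example>
	if d := domainOf(from.Name); d != "" && d != fromDom {
		warns = append(warns, fmt.Sprintf("display name claims %s but address is at %s", d, fromDom))
	}
	// Replies redirected away from the visible sender's domain.
	if rt := msg.Header.Get("Reply-To"); rt != "" {
		if a, err := mail.ParseAddress(rt); err == nil && domainOf(a.Address) != fromDom {
			warns = append(warns, fmt.Sprintf("Reply-To goes to %s, not %s", domainOf(a.Address), fromDom))
		}
	}
	return warns, nil
}
```

A flagged message is a prompt for the employee to verify the sender through another channel, not a verdict; legitimate mail can trip these checks too.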

Do: Install Security Updates Regularly

Software updates are not there just for the sake of it; they play a crucial role in securing software against cyber attackers.

No software or operating system is safe from hacking, and sooner or later hackers will discover a weakness in it that they can exploit. This is why installing security updates regularly is so important for protecting your systems.

Don’t: Open Links or Download Attachments from Unknown Sources

We already mentioned that you and your employees should take care not to give out any sensitive information to unknown senders via email, but that's not the only thing you need to worry about when you receive an email.

Email can also be used to send files, such as .zip, Word, Excel and other attachments, but you shouldn't click on them as soon as you see them, as they might contain malicious software that can infect your entire network and systems.

Instead, if your employees receive an email with an attachment that came from an unverified source, they should report it to the person you’ve designated for cyber security in your organization.

Do: Report Anything Suspicious

Finally, every suspicious email or other activity should be immediately reported to the responsible person in your company, even if it was just a false alarm.

This way, your organization will be able to respond better and faster to actual cyber attacks and potential data breaches.

Conclusion

Data security has become the key issue for many companies, especially as many have switched to remote working.

In this article, we wanted to give you some quick insights, in the form of dos and don'ts, to protect your organization from hackers and, with it, your customers.

This is not something that depends on one person or even one department; it is a continued team effort, as every member of your staff needs to know how to avoid a cyber security risk.