5 Helpful tips to protect your company data

“Information” is one of the most valuable assets of the company!

Companies spend a lot of time gathering and storing information in various forms. It could be customer information, information related to employees, company set registrations, recruitments, research information, etc.

This information can be targeted by certain parties to have exploitative or ulterior motives.

Here are some of the most recent stories on security breaches and issues that affected some companies and its customers;

§  LinkedIn Password information leakages

§  Virus Heartbleed bug that affected sites like Gmail and Facebook

§  Government websites in Sri Lanka being hacked

Credit card fraud and and financial information leakages are also very common, and sadly we hear of many incidents of identity theft as well.

Data protection and cyber security are becoming more and more important. The fact that Google has started giving higher rankings to websites that have SSL encryption, is proof for this.

There are many tools and techniques that can be used to protect your data in a company. However, to ensure the success of these measures, here are few tips that you may find helpfu

1. Better planning for data storage and protection

In order for the actions to be timely, all organizations need a data protection plan or a schedule. It is common to see that most organizations use backups as their primary way to store and protect data.

But the main issue is that most of these organisations back up information and data only in one location or at limited number of times.

However, storing data backups in various locations and updating them appropriately and frequently is very important in the long run. Some key areas to keep in mind when protecting and storing data include;

§  Location: Should data be backed up on-site or online or is a distant location

§  Frequency: How often should data be backed up – is it as and when changes happen?

§  Personnel: Who should be responsible, and accountable for the backups and security

2. Keep the staff informed about privacy and increase awareness of data protection

As an organization, you should provide enough information for your staff on how they could protect their work information through data protection training sessions, discussions and demonstrate simple techniques and tools they can incorporate to their day to day activities.

Some common actions taken by most companies include;

§  Forcing employees to change their passwords of their PCs and certain software every month

§  Permitting only registered external devices to be plugged into the company PCs

§  Using networked services to monitor company owned PCs and mobile devices

§  Securing unwanted software installations by granting permission only to administrators

§  Blocking sites that might be of security concern

Tip: Use phrases and symbols in passwords

3. Manage the use of information

Information can be classified by sensitivity, department or authority within a firm. Therefore, you should decide which pieces of information should be shared and add restrictions on how they should be used (again depending on the type of information).

In this manner, you could use permission-based access solutions (Eg: the share option in Google Drive), biometric verification systems, and encryptions when transferring information.

These tools may be used not just for internally, but also to manage what bits of information should be shared with your different stakeholders and platforms (like in social media).

Furthermore, as there are legal implications of handling sensitive information like client information, most often asking staff to sign Non-Disclosure agreement (NDAs) is part of the companies responsibility.

4. Create an effective security culture

No practice is effective unless everyone believes and enacts it. Therefore, it is the duty of each other to build a culture that provokes data security as a core value of the organization.

As a part of the organizations’ policies, it is quite important to have a policy that explicitly states how to use data and how the firm manages information. Clear definition of these policies can act as a guide to all the employees.

Companies should also publicly announce the policies so that stakeholders know how data is protected, and used. Those signing NDAs however should be well aware of how far they should protect the information and the implications of letting any information get out.

5. Be aware of policies and laws in your country

To act in the case of an emergency, you should know what rules and regulations are set by the country or state law. It is vital to have an idea about the policies and laws relating to data use, and incorporate those practices to your day to day activities, and not merely in the case of an emergency.

In addition, as there are many law enforcements in every country that you should be aware of. Here are some tips published by the Information Commission Officer in UK and the Information Communication and Technology Agency Of Sri Lanka.

“Data security is a key component in the business world- defending data from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, this is the ultimate goal for BQu Services” – Gehan Jayakody, Network Administrator at BQu Services.

Created: September 16th, 2014