We talk a lot about the physical security of data in our blogs, rather than online issues (and why wouldn’t we, we’re shredders after all). But this week, we wanted to stray into the digital world. After all, more and more technologies are helping us move confidential data away from paper and into the digital space, so this is becoming more of a concern for business owners. But once the data is digital, how do you protect it? You can’t lock it away in a drawer or shred it when you’re done with it. And while the business may have protections in place, it’s ultimately the people in the business who pose the most risk to your data. So today, we have 20 tips to share with your employees, which will help keep your data – and theirs – safe online.
- Stay up to date with data privacy laws. If you haven’t already done company-wide training on GDPR and what it means, that’s your first step. Since GDPR strengthens data protection for EU citizens (which we are at the time of writing), your employees need to understand how to be compliant.
- Set a screen password or PIN for every mobile device. Any device that is lost or stolen that doesn’t have one is completely unprotected.
- Don’t use easy-to-guess PIN numbers or passwords. Long string passwords with special characters and numbers are best. If you struggle to remember these, download a password manager to help.
- Put a system in place to securely shred all paper documents that contain confidential information as soon as they are no longer needed. This could include a secure document shredding console for employees to drop documents into, that will be emptied by a secure shredding team.
- Install anti-virus and anti-spyware software on all machines, and a firewall on all hard drives.
- Keep all software up to date. Make sure your employees are all installing security patches and updates as they come out – not ‘waiting’ to avoid a slight slow down, or just avoiding it because they can’t be bothered.
- When setting up an internet-enabled device, use a unique username and password – not the default it sets you up with. Make sure you enable auto-updates as well.
- Don’t share files or confidential data on public WiFi.
- In public places, make sure you use a VPN (virtual private network). This makes sure all your traffic is routed through a single, remote server, and not the highly insecure public WiFi network.
- Encrypt data on all mobile devices, including USB drives and portable hard drives. This will make the data unreadable to anyone who doesn’t have the decryption key, keeping it secure from anyone who doesn’t have permission to view it.
- Don’t post confidential information on social media. Make sure you go into the privacy settings and hide personal information you have to include, such as birthdays and hometowns.
- Many websites or hackers can identify where you are based on your mobile phone. So unless you actively need the GPS tracking function, turn it off.
- Use two-factor authentication to help keep strangers from accessing any of your accounts. That way even if they do manage to hack or steal your password, they would still need that second verification step before they can get inside.
- Unless you’ve initiated contact, or you know exactly who you’re dealing with, don’t give out personal information on the phone, through email or over the internet.
- Don’t open files, click on links or download programmes sent to you by strangers or odd email addresses. It may be a phishing scam and can open up your computer – and the whole network – to malware.
- If your employees work from home regularly, make sure they turn off their home router if they go away to avoid hacking attempts.
- Don’t use the automatic login feature on computers that saves your username and password. Though this might be a great time saver, it’s not secure at all! Always remember to log out when you are finished.
- If you don’t understand the privacy policy on a website, don’t use it.
- If you can, keep wireless settings turned off on wearable devices like Fitbits or smartwatches until you need to sync the data to your phone. They are not heavily secured and could be an easy access point.
- And finally, always remember that data on a hard drive can’t be permanently deleted or removed. You should always physically destroy and shred hard drives when they are no longer needed, and not sell them on.
You may have noticed that some of those points actually mentioned shredding as a way of keeping your online data safe. Isn’t it funny how those things link up? The truth is, your physical data security can have a huge impact on your digital security, whether that’s leaving your passwords on a post-it on your desk (don’t do that) or trying to make a few extra pounds by selling an old hard drive. Shredding is still a key part of digital security. To find out more about how Greenaway can help you shred documents, hard drives and even old products, just get in touch with us today.