There is no escaping the threat of data breaches. Organisations are being warned about data breaches in the media, regulators are demanding improved information security and the public is getting more vocal when organisations make mistakes.
You may well think that staying secure and pacifying all these groups is an expensive and seemingly impossible task. However, some of the most effective data protection methods are relatively inexpensive and easy to implement.
Here are five simple solutions to help keep your data secure and reduce the risk of a data breach.
1. Watch out for phishing
Phishing is a type of social engineering attack in which a crook poses as a trustworthy source and attempts to trick people into clicking malicious links or providing personal information.
These attacks are usually delivered by email and are characterised by poor grammar and assertions that you need to rapidly address something that’s gone wrong. For example, such messages might claim that your account has been hacked, that you need to confirm a card payment quickly or ‘something bad’ will happen, or that your bank account has been frozen.
If you fall for one of these schemes, you’ll inadvertently hand over login details, personal information or payment card information to criminals. If it happens at your workplace, you’ll expose your entire organisation to a potentially massive cyber attack or data breach.
To avoid this fate, you should enrol your staff on a phishing staff awareness course to help them identify scams and learn what they should and shouldn’t do if they receive one.
2. Back up your work
Data backups are like toilet plungers: you never need them until suddenly you do. It’s relatively unlikely that your data will be corrupted or otherwise inaccessible (cyber attackers generally just steal information), but it’s still something you need to be prepared for. After all, it’s not only cyber criminals you need to be wary of, but also a host of technological problems, from power outages to infrastructure damage.
Even slight delays could cause huge financial and reputational damage, but backing up your data ensures that you always have access to information and can remain functional.
3. Use secure networks
People rarely think about the security of their Internet connection. Most of the time, they have little to worry about: home and work connections tend to use a password-protected router that encrypts data.
Unfortunately, the same can’t be said for public Wi-Fi. It shouldn’t be a surprise to learn that places like cafes, trains and hotels that offer free Internet connection don’t have teams of cyber security professionals ensuring that their systems are secure. That’s not a problem if you’re using the Internet for casual browsing, but it can be very dangerous if you intend to access sensitive information.
Employees on the go might be tempted to use their train journey to review some important documents, for example. We’d suggest they only did this if they used a VPN (virtual private network) or accessed their work offline.
4. Patch, patch, patch
Every piece of software that you use, and every website you use, has technical vulnerabilities that a cyber criminal could leverage. Fortunately, the people who maintain those systems routinely look for vulnerabilities and release updates and patches that fix them. You can make sure that every application you use is up to date with a patch management system.
5. Think twice
Many data breaches are the result of simple mistakes. It’s all too easy to misplace a work-issued laptop or send an attachment meant for John in finance to John in marketing. Errors like this are bound to happen, and we’re not suggesting that you should expect staff to never make mistakes. However, you can reduce the risk by regularly reminding staff of their information security obligations.
One way to do this is to enrol your employees on an information security awareness course. Another solution is to implement a policy reminding staff to pay close attention whenever they are dealing with sensitive information. If someone is travelling with a laptop, you should instruct them to keep it on their person or locked away. If emailing a document, they should double-check the recipient.
Best practice data protection methods
You can find out more about these tips, and find more like them, in ISO 27001. ISO 27001 is the international standard for information security, and it contains a list of measures that all organisations should practise if they want to reduce the risk of data breaches.
Unlike other security standards, it instructs organisations to create an ISMS (information security management system), which is a centralised system to manage people, processes and technology. This simplifies data protection and makes it easy to review, amend or add to your security measures.