Technology is ever evolving, but with the many benefits it brings, there are also more risks. Data held within companies has the potential to become more vulnerable.
We saw an example of this last week, with the database blunder at Salesforce (a CRM software provider). Unfortunately, the US tech company granted customers access privileges which they shouldn’t have had, allowing them to access and alter any data within the database. The only short-term solution to this was to deny access to more than 100 cloud instances, shutting out everyone else using the systems.
This kind of mistake can be very costly to a business, and as we see regularly in the news, failure to protect personal data can be very damaging to a business’s reputation. Not only that, but the fines which can be imposed where negligence is discovered can be devastating.
With this in mind, we have put together our top 5 tips to make sure that your company is doing everything it can to protect the data it holds.
1. Secure IT Systems
Number 1 has to be the security in place for your IT systems. There are many things to consider here, such as cloud security, encryption, mobile devices, anti-virus & firewalls, and much more. Regular reviews of these procedures and access levels to your IT systems are vital. Visit our earlier blog for ideas of what else needs to be considered.
2. Check the Procedures of your Data Processors
Most SMEs will at some point use data processors. A data processor is an organisation that holds personal data on your behalf. An example of this would be a payroll software package, where all of your employees’ personal data will be stored. In most cases, these processors will have their own policies and security; however, it is crucial that you verify what is in place. You need to have absolute assurance that your company’s data is safe.
MEO-Business act as a data processor for our clients. We take that responsibility very seriously, and ensure company data is safe. We use tier 4 data centres, and each client site is contained in a separate database. This means that the issue of access privileges which was suffered by Salesforce customers cannot happen.
3. Good Data Protection Policies
Secure IT systems are just the beginning of keeping data safe. There also need to be guidelines on the use of data for employees who have access to this data, and this starts with up-to-date policies which are compliant with the GDPR (General Data Protection Regulation).
4. Employer & Staff Awareness
One of the biggest issues facing many businesses is that employees are unaware of their data and security responsibilities. It is often viewed as a tiresome, unnecessary task, but in reality, unaware staff are potentially a huge security risk. Communicating your GDPR-compliant policies to staff and ensuring they have received adequate training is essential.
Our IComply software is designed to assist with this. Not only is communication of policies made much simpler, but it provides the ability to assign data responsibilities to your employees, and monitor compliance across your company.
5. Get Accredited
Nothing says “We take our data and security responsibilities seriously” better than an official accreditation. There are many to choose from, and each one will demonstrate various levels of security. A good place to start is the Cyber Essentials certification, which is a government-backed scheme designed to protect organisations of all sizes against the most common cyber-attacks.