Data Security in Your Team
Protecting Your Electronic and Online Assets
Imagine this nightmare scenario. You receive an email from a client, which contains an attachment – an order form that he wants you to look at right away. It's late, and you've got a whole bunch of stuff to do, but you want to keep your client happy. You open the file.
Almost immediately, you know that something is wrong. The attachment isn't an order. Nothing seems to happen when you click on it. And, now that you look at it, the email address doesn't seem right, either.
In fact, with just one click of the mouse, your network has been infected by a virus that is busily stealing email addresses and other important data, potentially costing your organization millions of dollars in lawsuits, and causing irreparable damage to its reputation.
It could happen. It does happen. But it doesn't have to.
In this article, we examine the basics of data security, and explore how you can keep your data – and your customers' data – safe.
What Is Data Security?
Data security is the protection of information held on computers, networks, servers, and mobile devices (and on hard copy, which should be kept under lock and key).
Security measures range from company-wide policies backed by sophisticated antivirus and firewall software, to simple, everyday steps that individuals can take to protect their personal information.
Why Data Security Matters
Securing your data is essential, because the consequences of "letting your guard down" can be catastrophic.
Without rigorous protection, your commercial secrets, your customers' financial details, and your employees' personal records, for example, are all vulnerable to theft, deletion and alteration.
"Cybercriminals" now operate on an industrial scale, compromising the security of countless organizations and individuals. A report published in February 2018 estimated the global cost to business of cybercrime at between $445 billion and $600 billion annually. And a 2017 study found that 64 percent of Americans had had their personal data compromised.
For organizations, a security breach can have huge repercussions. Consider, for example, how your reputation would suffer if you allowed your customers' personal data to fall into the wrong hands, or if your network fell victim to malware that held your company to ransom.
And it's not just criminal activity that you have to guard against. Accidental data loss and human error can cause significant damage, too. In 2017, the personal details of more than 140 million customers of the credit-check agency Equifax were exposed when, according to its former CEO, a single employee overlooked an important security update.
Even a simple lapse such as absent-mindedly sharing addresses on an email can infringe customer confidentiality. For example, an HIV clinic in London was fined £180,000 (roughly $236,000) in 2016 after a staff member added all of its subscribers' email addresses to the "To" field, instead of keeping them private with the "BCC" option.
Seven Ways to Secure Your Data
Chances are, you're not in charge of your organization's IT policy. But you can still take basic steps to protect data at the team and individual levels. Start with the following seven tips:
1. Encourage Responsibility
Protecting your data is your organization's legal responsibility, but it's also the responsibility of everyone who has access to it – whether you're a new starter, a middle manager, or the CEO. Be sure that your team members and colleagues fully understand this principle.
Data security isn't the most fascinating subject for most of us, and it may seem like an extra hassle when you have so many other demands on your time. But it is crucial, and you need everyone to engage with it.
Your organization will likely have a data security policy. These policies often contain rules on removing old data, backing up data, and separating personal details from usable data (in survey results, for example). Ensure that you routinely remind yourself of this policy, and how it affects you. Comply with it at all times, and encourage others to do the same.
2. Limit Data Access
Keep track of who has access to data, and why. Data breaches are often caused by poor security at the point of access, and the more people who have access, the more likely such breaches are to occur. So, restrict access to sensitive or personal data to those who really need it.
Sometimes, many people within an organization have access to high-level data, even for relatively mundane tasks. If this applies to you, ask your manager whether you or your team really need those access privileges.
3. Secure Your Access Points
Identify the different ways in which you and your team members access company data, and on what devices. You likely have a work computer, and maybe a tablet and cell phone, too. And you might back up your data to an external hard drive, or to the cloud.
All of these access points are vulnerable, whether you're in the office or on the move, so it's wise to follow some simple best-practice principles:
- Use only secure WiFi networks that require a password for access.
- Avoid transferring sensitive data to removable media, such as USB sticks or flash drives. These can be sources of malware and viruses, and they are easy to lose!
- Lock your computer when it's unattended, even if you're only going to the water cooler. (For machines that run Windows, press the "Windows" key and the "L" key together. For Macs, press "Ctrl," "Shift" and "Eject," or "Ctrl," "Shift" and "Power" on newer machines.) If you don't, other people will be able to see what's on your screen, and not everyone in your office will have the security clearance to legitimately access your work.
- Install an "inactivity lock," so that your machine can't be accessed after a set period of time when it's not in use. This will help with security should you forget to lock it yourself.
- Keep your mobile device with you, especially if you work while commuting, or in other public spaces. And, if you work from home, be sure to keep your devices in a safe place.
4. Use Strong Passwords
Many people don't make their passwords as secure as they should be. What's more, research shows that 56 percent of people know that their passwords aren't secure. But passwords do matter. They are the "gatekeepers" of your data, ensuring that only people who should be able to access it can do so.
It's essential, therefore, to set different passwords for each application or network that you and your team members access, and to change them at least every two or three months.
Choose your passwords with care. Passwords based on dictionary words, or on common names of people and pets, can be broken in fractions of a second. Longer passwords made up of random upper- and lower-case letters, numbers, and symbols are much harder to crack.
Of course, complex passwords are also harder to remember. That's why it's a good idea to use a password manager, such as KeePass or LastPass, to authenticate your identity and apply the correct password, no matter how random it is. You then only need one master password to access the manager, which securely stores all of your other passwords.
Make sure you also have a password for each individual device, to control initial access.
5. Look Out For Data Hazards
Your IT department will likely have installed robust antivirus software for your organization, but individuals' mistakes can still cause problems – particularly when it comes to email.
Always be wary of emails that you aren't expecting, from people you don't know. If you open one by mistake, don't click on any links or attachments inside. These can introduce viruses or malware to your machine, which can spread through your company networks.
Hazards such as accidental loss, hardware crashes, and corruption or degradation (sometimes known as "bit rot") can also pose a threat to your data. Losing records of your organization's new sales leads because of a server failure, for example, can be as devastating as suffering a malware attack.
Be sure that everyone is aware of data storage issues, and that they know who to report to if they identify or suspect a problem – if computers or networks are behaving erratically, for example. In most cases this will be their line manager or IT department.
Also, verify that any data that you hold in the cloud is secure. And prepare for the unexpected by keeping backups. Consider following the "3-2-1 strategy": keeping at least three secure copies of your data, two on separate local devices, and at least one more offsite.
6. Respect Your Customers' Rights
Increasingly, organizations are required to be open and transparent about how they collect and store their customers' data. This is particularly true in the European Union, with the advent of the General Data Protection Regulation (GDPR).
If you're involved in managing confidential customer information, stay up to date with regulations that apply to customer preferences, permissions and opt-outs, and be prepared to purge out-of-date records. This can help not just with data security, but with virtual storage space, too.
GDPR is European Union legislation, but it also applies to any organization, from any country, that holds or processes personal data on EU residents. So, if you're based in the US but you have customers in Germany, for example, you may incur significant financial penalties if you don't comply with GDPR.
7. Stay Up to Date
Your organization's data security policy likely outlines the need to upgrade antivirus software and security patches at regular intervals, and it's a good idea to turn on the "automatic updates" option on any device that you use.
Never ignore prompts to carry out security updates, and make sure that your devices always have the latest protection.
Data security is vital for every organization. If your computers, networks and devices are unprotected, you're vulnerable to malware, ransomware and viruses. And, if personal or commercially sensitive information is compromised, your business and reputation can suffer.
Be aware of your own responsibility to keep data secure, and alert your team members to theirs. Effective data security requires vigilance and commitment, but there are simple steps that everyone can take to maintain it:
- Limit data access.
- Secure your access points.
- Use strong passwords.
- Look out for data hazards.
- Respect your customers' rights.
- Stay up to date.