The majority of businesses will be holding several forms of sensitive information that all need to be kept secure. Whether that is customer payment information, staff data, or business strategy decisions – all of these pieces of information should be kept private.
Many of us will make the mistake of assuming that company data breaches are a problem caused by smart hackers, who have successfully managed to force their way into rigid systems. And, while this scenario is certainly the one that receives the greatest amount of headlines in the media, in actuality, employee errors are the biggest threat to company data security.
Lost or stolen devices, the downloading of malicious apps or software and weak passwords are all common examples of where careless practices can lead to a serious data breach.
Northdoor, a UK IT consultancy specialising in data security, cloud computing and IBM storage, discusses how you can create a workplace culture that puts data security first.
Fully trained staff
Training all staff on how to correctly implement data security best practices is a vital first step in promoting a workplace culture that respects security. This helps prevent human errors that can result in threats to sensitive information and data. Even large companies with the most hi-tech tools in place are vulnerable to threats, especially where staff are uninformed of potential risks and do not know how exactly they can work to mitigate them.
Creating a company-wide data security policy is a sensible course of action and should outline the employees’ individual responsibilities and the security threats that could arise in the event of improper conduct.
Most of us should be aware of the importance of keeping passwords as strong as possible, and your company’s security policy should absolutely include a section on password best practices. In short, passwords should be at least 10 characters long, containing a combination of letters, numbers and symbols. They should also vary across logins so that if an unauthorised person did manage to gain access to one, they cannot access all of them.
A two-factor authentication process, requiring a back-up phone number or fingerprint ID is now widely recommended and can easily be set up for most applications, on most devices. Alternatively, if you have the budget for it, a password management software can be highly beneficial, particularly if your business holds a lot of client or customer login information. With this software, passwords are kept secure and can only be accessed by those who have specific permission to do so.
Many modern workplaces have begun implementing Bring Your Own Device (BYOD), allowing staff to carry out their jobs via their own mobile devices. While this is an attractive workplace benefit that many employees enjoy, due to the greater flexibility and productivity it can provide, BYOD does pose certain risks to company data, particularly if devices are lost or stolen and the security measures in place are inadequate.
If your business is already implementing BYOD, or is thinking about it, then it is extremely important to create a BYOD policy, outlining how staff members should use their device for work purposes. Such a policy would outline the risks and how to safely prevent them.
For instance, having access controls, secure passwords and guidelines on keeping apps and software up-to-date, are all important factors which can help ensure personal device security is as robust as it can be.
Moreover, the policy should include a solid exit strategy, which addresses how sensitive company data can legitimately be removed from employees’ personal devices when they leave the company.
Sharing documents securely
Employees should be trained in how to easily spot a phishing e-mail and should know to only open attachments from trusted sources. Likewise, documents containing sensitive information should never be sent via email or instant messaging apps – no matter how secure they may claim to be.
Instead, many modern businesses now make use of cloud-based tools that allow for secure document sharing, which are particularly useful when employees are working remotely or across teams. Such tools allow files to be shared and collaborated on securely, via one single platform that only those with access can use.