Research shows that about 80% of data breaches in the UK result from human error. These breaches fall into a category known as accidental exposure, which also includes inadequate security measures.
With tough penalties under the GDPR, there has never been a bigger incentive to get data security right.
We have 10 simple tips that will help to improve your data security.
Improving your data security
- Familiarise yourself with your company's IT rules
- Be clear about your responsibilities
- Take extra care when taking data offsite
- Only access or transfer data via secure networks
- Only share information on a 'need to know' basis
- Understand and check document classifications
- Follow the password rules
- Only process work information via work devices
- If you're unsure how to protect your firm's data, ask
- Never conceal data losses or breaches
1. Familiarise yourself with your company's IT rules
That includes all procedures and policies relating to information security, privacy and confidentiality. You can't fully protect yourself and your firm if you don't know what to do.
2. Be clear about your responsibilities
Know what data you are responsible for, what you are allowed to do with it and what you aren't. By knowing your responsibilities, you can take ownership of the data you handle.
3. Take extra care when taking data offsite
Only do this if it is absolutely essential; ensure that any data is encrypted or password-protected; and ensure that it's returned or deleted after use. Before sharing any data, it is important to encrypt it.
4. Only access or transfer data via secure networks
Accessing your company's network via unsecured networks, including public WiFi hotspots outside your office, will make you more vulnerable. Keep this in mind when accessing or sharing any data.
5. Only share information on a 'need to know' basis
Avoid forwarding data to groups of people and take care typing email addresses to avoid sending data to the wrong recipient. Protect the data you are responsible for by distributing it only to those who absolutely need access.
6. Understand and check document classifications
People in the same department or function may have different access rights, so check who is entitled to what and how documents are classified before sharing them. Use clear classifications such as Private, Confidential, and Public to grant privileges.
7. Follow the password rules
Use strong passwords and change them regularly; avoid sharing your password with anyone else, as your password may give others access to restricted information.
8. Only process work information via work devices
That means any information about your job, including emails, documents and instant messages. Avoid forwarding data to your personal email or smartphone, and avoid using personal devices and connections for printing, etc.
9. Ask about protecting your firm's data
If you're unsure about how to protect your firm's data, ask how to go about it to ensure that you are taking all necessary steps. You can get more advice and support from the IT department or your manager if you need clarification.
10. Never conceal data losses or breaches
If you make a mistake, tell your manager or the IT department immediately so your firm can act quickly to limit its losses. There is nothing to be gained from hiding this information.