Data is one of the most valuable assets a business has at its disposal, covering anything from financial transactions to important customer and prospect details. Using data effectively can positively impact everything from decision-making to marketing and sales effectiveness. That makes it vital for businesses to take data security seriously and ensure the necessary precautions are in place to protect this important asset.
Data security is a huge topic with many aspects to consider and it can be confusing to know where to start. With this in mind, here are six vital processes organisations should implement to keep their data safe and sound.
1. Know exactly what you have and where you keep it
Understanding what data your organisation has, where it is and who is responsible for it is fundamental to building a good data security strategy. Constructing and maintaining a data asset log will ensure that any preventative measures you introduce will refer to and include all the relevant data assets.
2. Train the troops
Data privacy and security are a key part of the new general data protection regulation (GDPR), so it is crucial to ensure your staff are aware of their importance. The most common and destructive mistakes are due to human error. For example, the loss or theft of a USB stick or laptop containing personal information about the business could seriously damage your organisation’s reputation, as well as lead to severe financial penalties. It is vital that organisations consider an engaging staff training programme to ensure all employees are aware of the valuable asset they are dealing with and the need to manage it securely.
Read more about the GDPR
- Just 2% of more than 15,000 enterprise cloud applications analysed are GDPR-ready, according to a cloud risk report.
- A last dash for compliance with the GDPR has begun across Europe – despite a two-year warning, some organisations will fall short, and Brexit is no excuse for UK companies.
- The staffing impact of the GDPR will be huge, with 28,000 data protection officers in Europe alone, says the International Association of Privacy Professionals.
3. Maintain a list of employees with access to sensitive data – then minimise
Sadly, the most likely cause of a data breach is your staff. Maintaining controls over who can access data and what data they can obtain is extremely important. Minimise their access privileges to just the data they need.Additionally, data watermarking will help prevent malicious data theft by staff and ensure you can identify the source in the event of a data breach. It works by allowing you to add unique tracking records (known as “seeds”) to your database and then monitor how your data is being used – even when it has moved outside your organisation's direct control. The service works for email, physical mail, landline and mobile telephone calls and is designed to build a detailed picture of the real use of your data.
4. Carry out a data risk assessment
You should undertake regular risk assessments to identify any potential dangers to your organisation’s data. This should review all the threats you can identify – everything from an online data breach to more physical threats such as power cuts. This will let you identify any weak points in the organisation’s current data security system, and from here you can formulate a plan of how to remedy this, and prioritise actions to reduce the risk of an expensive data breach.
5. Install trustworthy virus/malware protection software and run regular scans
One of the most important measures for safeguarding data is also one of the most straightforward. Using active prevention and regular scans you can minimise the threat of a data leakage through hackers or malicious malware, and help ensure your data does not fall into the wrong hands. There is no single software that is absolutely flawless in keeping out cyber criminals, but good security software will go a long way to help keep your data secure.
6. Run regular backups of your important and sensitive data
Backing up regularly is often overlooked, but continuity of access is an important dimension of security. It is important to take backups at a frequency the organisation can accept. Consider how much time and effort might be required to reconstitute the data, and ensure you manage a backup strategy that makes this affordable. Now consider any business interruption that may be incurred and these potential costs can begin to rise quickly. Remember that the security of your backups themselves has to be at least as strong as the security of your live systems...
With the GDPR still set to come into force in the UK despite the results of the recent referendum, it is vital for companies to start re-evaluating their systems now. Businesses need to plan how to minimise the risks, keep data secure and put the necessary processes in place should they need to deal with any of the data security threats.
Christine Andrews is managing director of data governance, audit and consultancy firm DQM GRC.