Data security remains a key point of focus for most businesses, especially so since the introduction of GDPR regulation in May 2018 provided a robust set of rules to govern the acquisition, management, use and suppression of personal data. Under the act, the consequences of data breaches can cost dearly to a business: from hefty fines to a dented reputation that could see the loss of customers and partners.
With many businesses having incorporated remote working and hybrid models since the beginning of the COVID-19 pandemic, more people are now digitally connected across the world than ever before, be it from your IT-managed office or employees’ homes. Although this can create new opportunities, it also increases the risk of your company’s data falling into the wrong hands.
In today’s blog our team shares their advice to help protect your business and its data in 2022.
Insights from our team
Going back to basics
Ultimate Finance IT Manager Ben Dodson’s first tip is to start by going back to the basis. He says, “To make sure your data is safe there are two areas you cannot neglect: devices’ security and updates, and staff training in cyber security awareness”.
- Run regular system updates
Ben advises to start by ensuring all devices are up to date, from the operating system and anti-virus software, but also all applications such as web browsers and Office suite which regularly provide updates and patches to increase their safety. Make sure all employees are aware of new updates and action them promptly to prevent any unnecessary risks.
- Be in control of devices and software
Ensure only your authorised devices are used to access company data so that you can be satisfied they have been adequately protected and encrypted. Remind your staff of your company’s rules when it comes to using unauthorised devices, be it laptops, phones and usb connections to protect from compromising or losing sensitive data.
To help prevent viruses and other malwares Ben advises you should always use official business email accounts so that you can be in control of spam detection and quarantine rules. Here again, regular training to help detect suspicious emails is important. He explains, “Some fraudsters have become talented at tricking recipients into thinking their email is genuine so it’s important that you provide staff with tips around the most common ways of detecting suspicious cases, from the sender’s email to the quality of the text and images”.
- Keep it safe
With working from home now part of the normal workweek for many more, our homes have become an additional ground for potential data breaches. Ensure your work devices are only accessed by authorised users, locked and password protected when not in use.
Sensitive data should be kept securely on systems as much as possible – printed documents carry an additional risk to end up in the wrong hands, both within an office and home.
- Increase staff awareness
Once you are satisfied that all devices, applications, and servers are safe, you next line of defence is your team of employees. Ensure new staff are trained from induction day and provide everyone with regular refreshers so they are aware of potential security threats from phishing emails, malware prevention and best practices.
Data security in a hybrid world
The business landscape underwent a drastic and sudden change in 2020, and although at the time many took a quick “bandage” approach to ensure their business could keep moving with staff working from home, two years later ways of working must adapt to what we now consider the new normal.
Hybrid working and complete remote working challenge many old assumptions about data and security. Employees may now have access to more than one regular workspace, and some of those may even be public spots such as cafes or libraries. This additional flexibility introduces new security threats your business must take into consideration.
Chief Information Officer Andrew McKee explains, “Data security now needs to extend beyond keeping information secure within an office space. There are many ways to help your teams stay safe from wherever they can do their work: for example, VPN access, virtual desktop platforms and cloud technologies such as Office 365 or Google Workspace offer safe ways to share data between employees from anywhere, making flexible working easier and more productive for everyone”.
Here again, organisation is key: keep an up-to-date inventory of all company devices, where they are and who is responsible for them and ensure all hard drives are encrypted in case the equipment is misplaced or stolen. Use document storage locations to save, share and access files to help discourage sharing documents via email where common data breaches are known to occur.
McKee continues, “It is important that employees at all levels understand not only the benefits but also the risks of digital advances for your business. This year, the UK Government is launching its Help to Grow: Digital scheme to help businesses access free support on digital technologies to help boost performance safely. Some eligible businesses can also access a discount of up to £5,000 to support the purchase of approved software.”
Follow policies and procedures
The responsibility of keeping business data safe does not stop with your IT team only. As mentioned, it is the role of each and every employee to ensure that they handle data responsibly at all times and do so by following official rules and policy.
Group General Counsel, Polly Russell-Stower explains, “Company policies around data protection and cyber security are vitally important for any business. My advice would be that businesses review all policies with the assumption that hybrid working is now the norm. There will undoubtedly be areas that need to be reshaped to ensure employees have a clear understanding of what is expected of them when it comes to the safety of their chosen workspace at all times”.
Policies should include clear rules around what staff can and can’t do when it comes to data storage and handling, the use of company devices and, not to be overlooked, the suppression and destruction of data.
The issue of confidentiality may also require a renewed approach to ways of working based on the date each employee can access, be it digitally or on printed documents. For instance, depending on how exposed their workspace is some employees may need to consider using screen protectors to render any data unreadable to people around them.
Finally, you must ensure that your employees are familiar with GDPR regulations, the Data Protection Act and your own company procedures when it comes to data handling. Polly adds, “Put in place a solid escalation process to deal with any confidential information that may have been compromised or if a potential security breach may have occurred. Document your process and distribute it with your teams so that everyone knows the procedure to follow to mitigate any issues as quickly as feasible”.
Keeping your data secure
Ensuring that your business data is kept secure at all times can be a daunting concept, especially when there are now so many workspaces to consider and the very tool used to help manage it all is also the one that poses most common threats: technology. However, if your business has put in place robust and detailed procedures paired with regular training, the risks of data breaches can be mitigated as much as possible by ensure employees are following safe processes and aware of common mistakes.
If you have found our data tips useful, make sure to follow us on LinkedIn to be kept up to date with all of our latest articles.