The data that your business keeps can loosely be categorized under two criteria; Sensitive data and non-sensitive data. Non- sensitive data is data that doesn’t need to be protected as it being accessed by others and presents no ethical or privacy problem.
Sensitive data, on the other hand, is data that for whatever reason, you do not want freely available to others. This can be privileged employee information, business plans or client information. They are very critical pieces of information that may have larger ramifications on your business if that data was leaked or accessed by someone, like competitors.
A potential issue is that there is no clear identification of which data is sensitive which then leads to not being aware of what information is being sent and accessed freely.
It might not seem like a big issue that your employees are able to connect to your email system and access their email easily with little restriction since it makes the process a lot simpler. It is assumed that since people are highly mobile their access to the information when and where they need it is of highest priority.
However, as a business, you really need to understand what data ends up on their device and remains, what client information is being sent via email that might end up on someone else’s personal device.
So what are some ways to protect your sensitive data? Here are some guidelines:
• Encrypt all sensitive data. Keep confidential information inaccessible from prying eyes.
• Use hard-to-guess passwords. Enforcing good password usage is key to stopping hackers from stealing data.
• Keep security software up to date. New malware is being released all the time and spreads at alarming rates.
• Restrict USBs allowed. Unauthorised use of USB storage devices could lead to data being lost from your company. Control usage with security software.
• Education is key. Find an engaging way to explain to staff the value of data and talk through the technologies, policies and best practice. Have employees be part of the army safeguarding sensitive data rather than keeping them in the dark.
• Encourage – rather than punish – employees who report potential data loss or breaches. The information can help you mitigate against costly risks.
• Keep track of devices. It’s all too easy to leave a laptop or smartphone, containing sensitive information in a taxi or a public place. Data should always be encrypted, but also use a remote wipe facility if devices are lost.
• Prepare for disaster. Create a plan of action to follow if a severe data breach takes place. Swift reaction can make a huge difference to legal ramifications and corporate reputation.
While these guidelines are by no means all that you need to do to secure your data, they will at least get you on the way to securing your sensitive data. In this information age, protecting your data is as important, if not more important, than securing your physical assets. Don’t waste a second getting started on this. It is that important.