Data breaches are a serious threat for every organisation – not just large corporations.
In fact, SMEs are targeted most because hackers make assumptions about their security, and they generally have less protection against internal factors, such as an employee abusing their access to steal data.
By now you should have received updated security policies or Codes of Conduct which guide employees on how to further protect the organisation from potential Data Breaches. (If not, ask your manager or the person responsible for Data Protection for access to these.)
Here’s a refresh of the key steps all personnel should be taking in their day-to-day work:
Strong passwords: If there isn’t a system requiring you to change your password regularly, you should do this yourself, creating a new password with a mixture of uppercase and lowercase letters, numbers and symbols.
Leaving your desk unattended: Take care not to leave any information containing personal data open to others when leaving your desk. Lock away files when not in use and log off your computer when going out of the office.
Be alert to visitors: Anyone wandering into the building may have accidental access to any number of files on desks, so it is now our policy to ensure that any visitor to the building is accompanied at all times.
Stick to company systems: Staff who may be keeping their own contact sheets or compiling other forms of data outside the company system may be in breach of new policies, so if this applies to you, ensure you no longer do it. If you take personal data from the company without authorisation this is a criminal offence, not to mention a breach of company policies.
Don’t send messages on social media: It is now the company’s policy to only use email servers and apps on company mobiles (like WhatsApp) to contact clients and workers – it’s necessary that any data which is used for work is kept in a form which the company can control, so we ask you not to use any form of communication that the company can’t access.
Report unsolicited emails / calls / messages: Do not act upon them without authorisation and until their validity has been checked. Don’t try to brush it under the carpet or solve the situation yourself. There is always a solution to protect data, either by reverting to back-up or by remotely encrypting or wiping devices, but it must be handled by the responsible officer.
Transferring Information: You should never transfer personal data to anyone until you have permission and are sure it is within the company’s processing purposes. Avoid sending files as email attachments. Email is particularly vulnerable to attack. Send documents by using an FTP client / cloud service. If that is not an option and you have to send by email, use a password-protected document and send the password by text.
Check and double check people’s details: When you take down someone’s personal information, ask them to send you a contact card, or read their details back to them on the phone. The most common cause of a data breach is that information was sent to the wrong email address by mistake because information was taken down incorrectly.