Data Privacy – How Private Is Your Data?

Did you know that it was recently reported that only 5% of companies’ folders were properly protected from cyber criminals. and that 17% of all sensitive files are accessible to all employees?

With those frightening statistics in mind, when was the last time you checked how your business's data is being used?



Here are 4 steps you can take to keep your businesses data safe:


Step 1: Learn the addresses of your data

Often, businesses store data on multiple media types including local storage, disk based back up systems, cloud solutions, and more. A simple place to start is to understand exactly what lives on each form of technology and in what format it requires its own type of protection.


Step 2: Implement a need-to-know policy To reduce the risk imposed by human error or curiosity, businesses should create policies that limit access to data, meaning only those that require access have access. As a business, you should consider means to track access log entries, so that unpermitted access will not go undetected. Step 3: Toughen your network security

Networks are normally protected by a firewall and antivirus software, but these will not be effective if they are not up-to-date and working within the latest software versions.


Malware is a cyber security threat that mutates daily and as a business, it’s key that your antivirus software is up to date in order to keep up with these mutations.


Bring your own devices has been a rising trend for businesses in recent years, however, the COVID-19 pandemic meant that this wasn’t a trend or choice for many businesses when they were forced to close their business premises. This meant that there were many businesses who had employees using their own devices in order for a business to continue.

As a result, it’s a philosophy that is here for the long run and your business's security policy and processes should include the use of personal devices for business purposes.


Step 4: Don’t hang on to data baggage

To proficiently manage data as a business, creating a data lifecycle management plan will help you delete old and obsolete data. Things to consider when doing this are:

  • Identify the data you must protect and identify how long this must be kept for

  • Ensure you are looking at offline and offsite tape back up’s when tidying out your businesses data

  • Ensure you have an incident response plan in the event a successful cyber attack takes place

  • Consider non-digital data such as paper files and hardware files as these can hold out of date data

  • Securely dispose of hardware that could contain out of date data, this could be photocopiers, scanners, or even outdated voicemail systems.

The South East Cyber Resilience Centre offers a range of services for businesses that are designed to help you identify your digital vulnerabilities and weaknesses or, if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online.


Find out more on our dedicated Student Services page www.secrc.co.uk/services.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.

South East CRC White copy.png

USEFUL LINKS

CONNECT WITH US

  • LinkedIn
  • Twitter

© 2021 - The Cyber Resilience Centre for the South East

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.