Top tips for ensuring your business is protected against data theft
Protecting your Business’s Data
With the new data protection rules (GDPR) coming into force in May 2018 and a number of high profile data breaches reported in the media recently, a lot of emphasis is being placed on cyber security and protecting your business from data theft.
When customers hand over personal data, they expect to be able to trust it is secure, which is why the new regulations highlight the need to obtain permission to hold information and to delete it when necessary.
Fortunately, there are measures that small businesses can put into place to ensure compliance without having to break the bank.
Here are our top tips for cyber security:-
- System updates
One simple way of ensuring better data protection is to keep your computer systems up to date. Windows and MacOS updates usually require nothing more than the click of a button. Updates are issued very frequently as developers work continuously to close loopholes in theirsoftware products.
Web browsers will often update without your or your employers needing to do anything. Their position on the front line against threats originating from the internet means it’s more important than ever that security updates occur with as little user intervention as possible.
- Antivirus products
Running an antivirus program provides additional protection to your operating system. Although the free versions of the software are tempting, it’s worth investing in a paid option to benefit from the extra protection this will give. With rules around data breaches becoming stricter and fines heavier, solutions costing less than £100 a year could save you a fortune in the long run.
- Password security
Encouraging all staff to create strong passwords is a must. Many data security firms offer basic training on cyber security, and password creation is typically a part of this. Longer passwords that mix lower and upper case letters, numbers and special characters are preferable, and words connected to employees, such as a pet’s name or maiden name should be avoided. Many companies now have automatic password expiry procedures which require users to change their password every month or two and which won’t allow previous passwords to be re-used. It may well be worth having your IT consultant make this change for you as it ensures all users use secure passwords and change them often.
- Email security
Basic training will also cover what to look for in an email that could be malicious. Making your team aware of the risks of clicking a suspicious link or opening an attachment when the sender is unknown is a simple yet crucial part of keeping data theft opportunities to a minimum. It’s also advisable to put a procedure in place for occasions when an employee reports – or accidentally clicks on – a suspicious email.
Attempted cyber attacks on SMEs may include email cloaking, phishing or malware – these are all fairly common nowadays and your staff should be provided with information about the type of attack and what each looks like so they can recognise a threat when it occurs.
- Backing up and deleting data
All businesses should ensure that their data is backed up frequently so that in the event of an attack, the company cannot have their systems frozen and then be held to ransom. Additionally, when customer data is no longer current or a customer has withdrawn permission for their data to be held, it should be deleted from all systems.
When GDPR comes into effect next May, businesses will be required to prove that no data is held that shouldn’t be, so it’s wise to get into the habit of keeping files up to date now.
THP Chartered Accountants can help with system audits and data handling – contact us today for more details.