06 Sep 20 Ways To Protect Customers Data Online
As the world moves more and more into digital, new technologies are helping us move confidential data away from paper and into the digital space. That means online data security is becoming more of a concern for business owners – especially with the threat of GDPR looming over them!
But once the data is digital, how do you protect it? You can’t lock it away in a drawer or shred it when you’re done with it. And while the business may have protections in place, it’s ultimately the people in the business who pose the most risk to your data. So today, we have something a little bit different to our normal blogs. 20 practical tips for you (and to share with your employees), which will help keep your data – and theirs – safe online.
- Stay up to date with data privacy laws. If you haven’t already done companywide training on GDPR and what it means, that’s your first step. Since GDPR strengthens data protection rights for EU citizens (which we are at time of writing), your employees need to understand how to be compliant. Even if we do end up leaving the EU, GDPR has already been written into UK law, so there’s no way around it.
- Set a screen password or PIN for every mobile device. Any device that is lost or stolen that doesn’t have one is completely unprotected. Apply 2-step verification to any accounts you can for additional security.
- Don’t use easy-to-guess PIN numbers or passwords. Long string passwords with special characters and numbers are best. If you struggle to remember these, download a password manager to help.
- Put a system in place to securely shred all paper documents that contain confidential information as soon as they are no longer needed.
- Install anti-virus and anti-spyware software on all machines, and a firewall on all hard drives at a minimum. Ideally, work with a cyber security expert to ensure your data is ring-fenced and completely secure from attack.
- Keep all software up to date. Make sure your employees are all installing security patches and updates as they come out – not ‘waiting’ to avoid a slight slow–down, or just avoiding it because they can’t be bothered.
- When setting up an internet–enabled device, use a unique username and password – not the default it sets you up with. Make sure you enable auto-updates as well to keep your device protected.
- Don’t share files, passwords or any confidential data on public WiFi. Data thieves love public WiFi since it is unsecured and so easy to hack – you’d practically be giving your data away.
- In public places, make sure you use a VPN (virtual private network). This makes sure all your traffic is routed through a single, remote server, and not the highly insecure public WiFi network.
- Encrypt data on all mobile devices, including USB drives and portable hard drives. This will make the data unreadable to anyone who doesn’t have the decryption key, keeping it secure from anyone who doesn’t have permission to view it.
- Don’t post confidential information on social media. Make sure you go into the privacy settings and hide any personal information you have to include, such as birthdays and hometowns.
- Many websites or hackers can identify where you are based on your mobile phone. So unless you actively need the GPS tracking function, turn it off on any devices containing confidential data.
- Use two-factor authentication to help keep strangers from accessing any of your accounts. That way even if they do manage to hack or steal your password, they would still need that second verification step before they can get inside.
- Unless you’ve initiated contact, or you know exactly who you’re dealing with, don’t give out personal information on the phone, through email or over the internet.
- Don’t open files, click on links or download programmes sent to you by strangers or odd email addresses. It may be a phishing scam and can open up your computer – and the whole network – to malware.
- If your employees work from home regularly, make sure they turn off their home router if they go away to avoid hacking attempts.
- Don’t use the automatic login feature on computers that saves your username and password. Though this might be a great time saver, it’s not secure at all! Always remember to log out when you are finished.
- If you don’t understand the privacy policy on a website, don’t use it. That does mean you have to actually read it, but trust us, it’s worth it!
- If you can, keep wireless settings turned off on wearable devices like Fitbits or smartwatches until you need to sync the data to your phone. They are not heavily secured and could be an easy access point.
- And finally, always remember that data on a hard drive can’t be permanently deleted or removed by simply wiping them. You need professional grade equipment and software to achieve the level of data destruction necessary for GDPR, so make sure you hire a professional to help you.
At Charterhouse Muller that last point is where we can help you most. We are experts in the secure destruction of data from electronic devices and technology – everything from phones and tablets to monitors, printers and even TV screens. Our team ensure your data is completely removed from the device without causing any damage, and can even refurbish slightly damaged or old devices so that they can be re-used or sold on. If you would like to find out more about how we can help you protect your (and your customer’s) data, just get in touch with us today.