Whether it’s online data or confidential paperwork, having the correct, up-to-date, and most suitable security in place is essential. Many businesses store a substantial amount of data and information online, so all employees need to be aware of the correct protocol for handling both personal and company data.
As of May 2018, new laws around data protection will come into play for businesses. General Data Protection Regulation (GDPR) will change the way personal data is handled and processed by any business of any size, so it’s important to get everyone on-board with security provision as soon as possible.
With the implementation of GDPR arriving soon, there are a few other things you can do alongside this to create a more security aware culture in your business.
It’s everyone’s responsibility
Data protection is the responsibility of everyone who works within a business, so it’s essential all members of staff know what is required from them. Putting the onus on individuals can help establish a collective responsibility and remove the attitude that data security is just for the IT department to worry about. Raising the standards around security and how it’s viewed by individuals is essential.
Creating a data protection policy template for everyone in your business to follow will help outline what’s needed. Plus, speaking about security throughout the company, across all teams will ensure staff are aware that this is an issue for everyone. It’s important to make sure all employees understand the need to have a secure password and that computer updates are regularly completed to make sure all anti-virus software is up-to-date.
Cc’ing on emails
Everyone has heard stories about people cc’ing their boss into an unfortunate email, or hitting ‘Send All’ on what should have been a private message, but careless emailing can enter the realm of data protection too.
Cc’ing someone, or a large number of people, into an email thread without their permission and therefore sharing their personal information, could actually be a breach of data protection. For businesses who use freelancers or any other third party, it’s important to make sure you’re including the right people in your emails.
When it comes to your employees, encourage the use of bcc’ing instead, and reiterate the importance of staff checking that they are sending emails to the right people before they hit the go button.
Freelancers and their access to company material
Many businesses use freelance workers to fulfil tasks on a regular basis, but this can cause some challenges with data security. Freelancers may need to use their own device to complete the work allocated to them or they may need to access company networks to gather any information needed.
There are a few steps your business can take in order to protect its data when it comes to freelance workers. This can include restricting their access to company information and only giving them visibility of what they need to complete their work. Regarding the use of their own equipment, you need to ensure you are staying on top of and have a record of all the devices which are accessing your company network. Ultimately, it’s up to the freelancer to make sure the data is safe – which is something you may want to enforce when enlisting their help.
Storage and shredding documents
The need to print hard copies of work is still relevant in today’s offices and implementing rules around the proper handling and storage of printed documents is extremely important. When documents which contain sensitive information are no longer needed, throwing them in the bin will just not cut it. In these cases, a shredder can prove invaluable. If the documents are still relevant and needed for records or to refer back to, lockable filing cabinets or other forms of secure storage can help keep them safe.
Creating a system for checking whether a document needs shredding or filing can be a great way of keeping on top of paperwork. You should also implement a clear and logical way of filing, so documents held within your lockable storage can be found when needed.
Preventing sensitive material being left in places where anyone can access it
When employees are working remotely, or transporting laptops or other pieces of kit around, you need to put provisions in place to ensure none of your information can be left behind where someone else can view it.
Passwords should be utilised and a strong firewall should be implemented. If working remotely, a privacy screen protector can be great from stopping people being able to read your screen.