2018 is an important year for data security. The General Data Protection Regulation (GDPR) signals a worldwide step-change in the way organisations must handle personal data. Data protection regulation has never been stricter and sanctions have never been higher, so companies must now act to bring their data security up to the new standards, or risk hefty financial and reputational penalties.
So what fundamental steps can you take now to help towards data security? We’ve pulled together five things you can do now to keep that valuable personal data safe:
1. Delete data
This one sounds obvious, but it’s also one of the most effective. If you’re storing enough data to run a small server farm, you might want to ask yourself – “how much of this do I actually need?”. One way to keep personal data secure is to simply get rid of it, especially if the data is old, has served its purpose, or is no longer relevant.
Encourage your staff to go through their own user accounts and tidy up any personal data contained within. Get them to delete data that is no longer useful and move sensitive personal data into password-protected folders or locations. In larger companies, or those that have been operating for a long time, you will be amazed at the amount of sensitive data that is buried deep within the company network yet still open to multiple users.
A full system clean-up is a good idea, and a great place to start on the road to data security.
2. Limit data portability / transfer securely
Have you ever sat down and mapped all the data streams coming into and leaving your company? Chances are you haven’t. The fact is, most modern companies have many data streams entering and exiting their network daily, and one thing to keep in mind when striving for data security is restricting these streams on a need-to-access basis, especially when they contain personal data.
Limiting access is fine, but what about the transfer itself? If you send data on a regular basis using file transfer, make sure you use an encrypted transfer protocol such as SFTP, which is far more difficult for hackers to gain access to than standard FTP, because FTP sends both login credentials and file contents unencrypted.
3. Maintain a data register
Building on the point above, and in addition to keeping a map of data streams, it is advisable to create and maintain a data register. This critical document should be updated frequently by all key staff and record what data is stored, where it arrives from and where it goes, how it is stored and for how long. Finally, and importantly, it should record why the data is stored, i.e. for what purpose it will be used. Answering all of these questions helps you keep an accurate eye on data security, and even mount a solid defence should the worst happen and your company be audited by Regulators.
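As an added illustration (not Dynamic Edge's own tooling), a register kept as a simple CSV can be checked automatically for the questions above and for data that has outlived its retention period and is a candidate for deletion under step 1. The column names and sample rows are constructed for this example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample register; column names are assumptions based on the
# questions the article lists (what, from, to, how, how long, why).
SAMPLE_REGISTER = """\
dataset,source,destination,storage,collected,retention_days,purpose
newsletter_emails,web signup form,mail provider,encrypted database,2017-11-02,730,send monthly newsletter
old_cv_archive,recruitment inbox,none,shared network drive,2014-03-10,365,
payroll_records,HR system,accountant via SFTP,encrypted database,2016-01-15,2555,statutory payroll reporting
event_attendees,paper sign-in sheet,none,spreadsheet on shared drive,2016-05-20,180,2016 open day follow-up
"""

REQUIRED = ("dataset", "source", "destination", "storage",
            "collected", "retention_days", "purpose")


def audit_register(csv_text, today):
    """Return (dataset, finding) pairs for register entries that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("dataset") or "").strip() or "<unnamed>"
        # Every question in the register must have an answer.
        for field in REQUIRED:
            if not (row.get(field) or "").strip():
                findings.append((name, f"missing {field}"))
        # Flag data held past its stated retention period.
        try:
            collected = date.fromisoformat(row["collected"].strip())
            expires = collected + timedelta(days=int(row["retention_days"]))
        except (KeyError, ValueError, AttributeError):
            findings.append((name, "unparseable collected/retention_days"))
            continue
        if expires < today:
            findings.append((name, f"retention expired {expires.isoformat()}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_register(SAMPLE_REGISTER, date(2018, 5, 25)):
        print(f"{name}: {finding}")
```

Run on a schedule, the findings list gives key staff a concrete clean-up queue and a dated record of register reviews.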
4. Monitor data access and report breaches immediately
IT companies such as Dynamic Edge can work with clients to create proactive data monitoring systems which are designed to alert key staff in the event of breaches or unauthorised access to personal data. GDPR-ready companies already have measures such as this in place, allowing them to act quickly when data is compromised.
It is now a legal requirement to report data breaches to the Regulator immediately, without delay. When you are audited, it will work in your favour if you have proactive monitoring in place and can report the situation fully equipped with the core information behind the breach.
Of course, the above steps are just scratching the surface on the path to complete data security. Dynamic Edge are data security experts and can help you map out a data security strategy that fits with your business goals.
Contact us and we’ll arrange a coffee with you to chat through existing case studies and how we might help you.