22 March 2018
Let’s Talk About Data Protection: 3 Low Cost Ways to Reduce Risk
In business, there is something to be said for reaching out to do the right thing, not merely the minimum acceptable. That is the case with new Notifiable Data Breach (NDB) laws introduced in Australia this year. The renewed focus on data protection is welcome, and it will go some way to making us all safer online, but we should always do more to prevent breaches. We have three ways you can make compliance with the new regulations easier and do the right thing by your customers and employees.
Processes for Data Protection
This is a good time to reconsider how you secure information. Examine the types of information you email – sensitive information such as personnel files, credit card numbers and dates of birth should be handled another way. Hackers tend to scan emails for this personal information for identity theft, so don’t make it easy for them.
Hackers are also on the lookout for passwords in emails too. Having passwords makes it easier for them to access systems at their leisure, with unauthorised access very hard to trace. Check processes for onboarding new employees and insist on immediate password resets. And look at two-factor authentication – it isn’t hard to set up, and it greatly reduces the possibility of data breaches. Offering two-factor authentication to customers who login to your systems will show that you take their safety seriously, which helps your organisation’s reputation.
Keep staff well-informed about how they access and save information on their own devices if you offer BYOD. Clear policies, checked and enforced, keep everyone safer.
An Office 365 Tool You Already Have
It is likely that you have a data protection tool that you haven’t yet discovered – but you are already paying for. The right specialist setup can make Office 365 a guardian of private information, for example blocking credit card numbers from emails. Our Office 365 specialists say that this is one of the most underused yet effective functions, making it a cost-free way to upgrade protection of payment information.
While you’re at it, why not check into the other security and productivity tools that come with Office 365. We’ve saved numerous customers from spending their budget on functions they already have access to. We’re always happy to share knowledge on how to get more from your Office 365 licences.
Data Storage and Loss
Aside from weak or shared passwords, weak remote access methods can be the primary culprits when it comes to data loss. Firstly, limit access to those who must complete essential tasks. There’s no single answer to fit all needs, but there are certainly some cost-effective options for safer remote access, ranging to more intelligent modern infrastructure to private and public cloud. For many organisations, amplified complexity and increasingly sophisticated cyber-crime have led to the decision to enlist professional help in the form of a managed service – no longer worrying about the day-to-day.
The process of capturing the data, and deciding what is stored, should also be scrutinised carefully. Do you need to store payment information at all, or can it be entered live and discarded, so that your systems never contain those details? Once a customer has paid successfully, it is unlikely in most cases that you will need to refer to that information again to fulfil the order. The less detail you have, the less a hacker can find.
As organisations, our employees and our customers trust us with their private information, and the very least we can do is repay that by handling it with the utmost care. Not only because it means we are less likely to have NDB breaches to report, but because we value the role they play in our success.
If you have any concerns about IT security in your business, talk to the TechPath experts. You can also learn more about cybercrime and reporting incidents at www.acorn.gov.au
Backup is the number one way to recover from a cyber-security event, learn more in our article: Cyber-Security: Is it Time to Call for Backup?