Our recent blog on secure document scanning touched on a few key ways to improve data security. With the implementation of GDPR only 6 months away, data security is increasingly key to how businesses operate. GDPR will put greater emphasis on businesses to ensure they keep personal data safe or risk being hit with huge fines. For this reason we have decided to expand on the key data security points raised in our previous blog.
Digitise your documents
With paper-based documents it is impossible to know exactly where every single document is at all times. Files can be in any number of places, such as filing cabinets, archive boxes or on any desk, so it’s no wonder so many paper documents get misplaced. Even the most sophisticated paper-based document management system relies on people physically putting files back in the right place. Once a paper document has been lost it is extremely unlikely that the information can be replaced, whereas with digital documents every file can be tracked at all times and lost data can simply be restored from a backup.
Know what data you have and where it is stored, and have a clear plan
First, a business should check what data it holds and determine which of this data is classed as sensitive. Compromise of this sensitive data would damage the business in a number of ways. Breaches of personal data could lead to reprimand or fines by government bodies such as the ICO, and a breach could put company secrets into the hands of competitors, leading to potential loss of business advantages.
Ensure IT systems are built with data security in mind
It’s important to use different layers of security to protect a business’s IT systems from unauthorised access and cyber attacks. All business computers should have an up-to-date operating system with the latest security patches. Software such as antivirus, spam detection and filtering is key for data security and should be installed on every computer and updated regularly. The business network should be protected by a properly configured firewall. If the business is not large enough to have dedicated IT staff, it might be easier to use an IT consultant.
Restrict access to data
Organisations should audit what data every employee may or may not have access to. They should then determine if the access an employee has to data is appropriate for the work they need to do. For example, an employee in the accounts department won’t need access to medical records that the occupational health department may have. Restrictions can be set on a department-by-department basis, with sensitive data being further restricted if necessary. Each employee should have a strong logon password of at least 8-10 characters to prevent unauthorised access.
Use appropriate encryption
Encryption uses a mathematical algorithm to scramble data so that it can’t be accessed by anyone other than those who have the right key to “unlock” it. It can be especially useful for preventing unauthorised access to sensitive business information. This can cover anything from email correspondence to documents stored on a computer system or portable media. AES-256 and SSL/TLS encryption are both examples of widely used encryption methods. Encryption is particularly relevant at the moment, with the upcoming GDPR putting greater emphasis on data security.