The risk of unmanaged data being lost or stolen has never been so great. What can employers do to make sure we protect the data in our business?
Have you ever noticed the ill-matched absurdities of, on the one hand, the Data Protection Act (one of the most misunderstood, misused, misquoted pieces of legislation I have ever come across) and, on the other, the goldfish bowls in which we place ourselves via vehicles like Facebook and Twitter? Couple this mismatch with the “kiss and tell” mentality of the tabloids, read by most of the population, and you can see that discretion and keeping a stiff upper lip are rather out of fashion and the overall message about discretion and data security is confused.
We need to un-confuse ourselves and be clear that firm data management is essential. Social trends inevitably enter the workplace, creating risks for employers and those with whom they deal. The cycle of technological change is now extremely fast. Mobile working has extended the office to trains, cars, home and on foot. Quicker and more diverse internet connections and cloud computing have been great for business. But all of this also creates risks which we have to identify and deal with robustly.
The potential to leak, lose or have data stolen is now considerable. We’ve all heard, with varying degrees of horror, of laptops containing thousands of personal details (without even being password-protected in some cases) stolen from cars. Memory sticks get lost, files are left on trains, and employees use unprotected Bluetooth devices in public and can find that information is stolen from them electronically.
How can employers manage the security of information but, more importantly, instil a culture of discretion when it comes to sensitive information about the organisation, employees and associates, or about people who deal with the organisation?
What sort of things do employees do that pose a data security risk? Here are the top nine risks according to data security experts.
- Browsing – Many employees don’t recognise dangers on the internet, including malware. Educate employees about such threats and monitor browsing habits.
- Email attachments – Some attachments can bring risks. Employees should be trained to recognise possible problems and know what action to take.
- Spam – Many organisations rely on spam filters, but undesirable messages may still pass through even the most advanced systems. Employees should know how to detect and handle spam when it appears in their inboxes.
- Not making backups – According to research, one in five employees admits to risking important documents by failing to make a back-up copy.
- Unauthorised software – Unauthorised software can cause major productivity and security issues. Organisations should have policies and consequences for violations.
- USB Drives – These are able to store large amounts of data, but are all too easily lost or misplaced. I now use them only to carry workshop slides in case the laptop fails, but for no other reason.
- Social Media – Loose talk risks data loss. You absolutely must have a social media policy. Take employees through the risks of data loss on social networks.
- Mobile Devices – Smartphones and tablets give employees easy access to corporate data from virtually anywhere. They should only do so if their devices have been set up with all the necessary security settings. Data stored on mobile devices must also be backed up.
- Mobility – Unfortunately, employees are more likely to take risks with data security when they are away from the office. Have mobile safeguards in place and ensure that no sensitive data is being transferred over unsecured Wi-Fi networks.
The Data Protection Act places a legal duty upon us to protect personal data, i.e. any information about an individual held on computer or in organised filing systems that could identify the individual, either on its own or together with other information your business or a third party holds. Train employees to understand what we mean by sensitive data and provide guidance as to the way such data should be managed.
- Whether in the office or in public, don’t leave personal documents, important company documents or mobile devices unattended (e.g. if you go to the loo on the train).
- Don’t leave files or mobile devices in unlocked vehicles. Don’t leave them in vehicles overnight at all, even in locked vehicles.
- Documents with personal information and company-sensitive documents must be locked away when not in use.
- Make sure all desktop and mobile devices are password-protected.
- Don’t write passwords on notes and place them by the computer.
- Shred all sensitive documents.
Companies have to protect their human and intellectual assets, now more than ever before. Taking precautions now will reduce both risk and liability.