Do your in-house security processes sufficiently protect against data breaches?
In 2016, security breaches cost UK businesses almost £30 billion. Firms both large and small are increasingly concerned about the potential for data loss, which could occur both physically and in the online world. With the incoming General Data Protection Regulation (GDPR) in force from May 2018, the rules for data protection are becoming increasingly stringent and the penalties more severe for personal data loss. For businesses, in-house security processes are the first line of defence against a potential data breach.
A data breach can come from anywhere
Security is a top priority now for many UK businesses – and the first step to increasing security is understanding where the threats lie. Data breaches could occur for a number of reasons, including:
- Employee carelessness with sensitive documents
- A third-party IT attack
- A phishing email opened by someone in the company
- A disgruntled employee passing confidential documents on
Financial information, confidential data and customer details are at risk in both digital and physical form. In-house security must cover the entire chain of possession, from access to data in digital form, through to safely disposing of data in physical form, whether that’s on a USB stick or printed on paper.
The importance of compliance
When the GDPR comes into force next year it will increase the obligations on UK businesses to be more careful with sensitive personal data. The key sentiment is that organisations have an obligation to prevent inappropriate access with proper internal controls. Aside from protecting the sensitive personal data of customers, businesses also have a vested interest in ensuring that confidential figures and information that could aid competitors or undermine business strength don’t leak outside of the company. There are three key ways to ensure that all of these bases are covered.
1. Restrict access to sensitive data. High-level information and statistics should be limited to those who really need to see them. Access online can be controlled by passwords and offline with the use of locked storage units for sensitive data, as well as rooms that can be properly secured as out of bounds. It’s important to set up a chain of ownership so that, if the worst happens, you can see exactly who was responsible.
2. Train staff in data protection. Your staff are probably your most vulnerable point when it comes to a data breach. Although they may have no malicious intent, a document accidentally taken home and left in plain view, or a link in an email unknowingly clicked on, can have severe consequences for the business. Establish a data protection policy that sets out where the boundaries are, what your expectations are of staff and what the consequences are for committing a data breach. Train staff in how to secure physical data and guard against digital data breaches.
3. Securely dispose of data. Secure shredding is one of the only ways to ensure that your data in physical form has been properly disposed of. Partnering with a document destruction company will provide you with regular secure shredding of everything, from paper documents, to media such as floppy disks and video – at whatever volume you require. Shred-on-Site provides secure shredding that ensures data is completely unrecoverable from physical items, from branded products to prototypes. For the sake of legal compliance, as well as business security, it’s an essential step to take.
Get in touch with Shred-on-Site today by giving us a call on 0800 181 4106 to discuss your requirements and how you can improve your in-house security.
Author: Mark Coombes