With the impending arrival of GDPR and the widely publicised, still-developing Facebook and Cambridge Analytica scandal, there’s never been a more pressing time for businesses to review and improve the way they capture, store, and process data. The stakes are high, with damaging consequences for those that don’t take GDPR seriously or put enough preventative measures in place to mitigate the risk of a breach (which, if one occurs, must be reported to the ICO within 72 hours). But it’s not only financial penalties businesses must worry about: data misuse and data breaches can put your reputation in jeopardy too. The Facebook and Cambridge Analytica fiasco is an example of this, with a recent poll published by SurveyMonkey and Axios showing that the site’s favourability rating has dropped twice as much as its counterparts over the last five months.
There have been many high profile data misuse/data breach cases that have hit the headlines over recent years, but the reality is no organisation’s data is immune from falling into the wrong hands, whether as a result of malicious hackers or a hapless, undertrained employee.
Human error is the leading cause of the vast majority of data breaches, but the good news is protecting your organisation is relatively simple to action. Here we have listed some of the most common warning signs to be aware of – ignore them at your peril!
- Your passwords are too predictable
You know you shouldn’t, but chances are you’re still using the same passwords to log into multiple sites, whether that’s the obvious ‘password’ or ‘123456’, or a word and number combination that means something personal to you. This makes it very easy for hackers to guess, even if they have to take a glance at your social profiles first, and once they have a route in, they will take very little time in exploiting their access and stealing your data. Another way cyber-criminals work is by tricking people into giving their bank details or passwords, and it’s surprising how many people do fall victim to this!
Ensure your passwords are more secure by creating ones that have a combination of letters, numbers and special characters (like £, $, & or @), and changing them regularly. It’s important that all employees understand the importance of good passwords and how to manage them – either through an internal training session or an eLearning course. You may also wish to recommend an app like LastPass which acts like a vault for your passwords, while also having the functionality to create randomised letter, number and character combinations.
- Your employees aren’t security-savvy
‘Man-in-the-middle’ attacks are becoming more and more commonplace, whereby a hacker gains access to your network or intercepts communications so they can eavesdrop, collect data, and interfere with your employees’ transmissions. While much of this comes down to organisations having weak internal infrastructures, employees play a part too, especially in an age where agile/flexible working is so popular. Something as simple as working on company laptops or phones from unsecured, public Wi-Fi networks, or accessing sites without the secure ‘https’ protocol can pose a risk.
Equally, if your employees frequently fall foul of computer viruses or complain about the speed of their computer, only for you to discover countless installed plugins, it’s a sign they aren’t web-savvy. Firms such as Power Consulting can help with educating employees on how to be safer when working, and how to spot suspicious emails and web pages, which closes another door hackers commonly use to target data.
- There are too many disorganised desks and documents
Did you know that there’s a correct way to dispose of confidential waste? That’s right, it’s actually the law to properly dispose of anything containing ‘sensitive information’, whether that’s invoices, customer receipts, business financials, insurance policies, contracts or documents containing PIN numbers or passwords. Minimise the risk of documents falling into the wrong hands by getting employees to tidy their desks! Lockable filing cabinets are also recommended as a safe on-site storage solution. When the time comes to throw a document away, ensure it’s shredded at the very least. Office shredders come with their own level of security; invest in one which ‘cross-cuts’ to minimise the chances of reconstruction.
- Your organisation holds a lot of valuable data – and too many people have access to it
This one can be broken down into two parts, which, when combined, can wreak havoc. Firstly, the type of business you run can determine how likely you are to be targeted by hackers (financial crime is one of the top motivators for data breaches). So, if your organisation holds credit card or bank details to process payments, then you’re sitting on a goldmine that criminals would love to get their hands on. Equally, if your systems require customers to log in, then hackers could exploit their data too.
Secondly, it can be the case that too many people have access to too much data. It’s sad but true that data breaches are often a result of internal employees either acting maliciously or negligently. Make sure your employees are only able to access the data they need in order to complete their jobs and, equally as important, that they are trained to avoid the most common pitfalls (as listed above). This way you’ll minimise the risk of a data breach, as well as negative consequences including fines, damage to reputation and lost revenue.
About the Author
Darren Hockley is MD of eLearning provider DeltaNet International. The company offers a wide range of courses for businesses including training on data protection.