By Steven Allan, CEO and Founder of Linten
By now, the vast majority of businesses are familiar with GDPR and have worked hard to implement the necessary data security measures. However, there are many which are still not fully compliant with the legislation, and even businesses that have followed the steps prescribed by the international legislation may not have a contingency plan for a security breach. By lining up the right tools and processes, you can ensure seamless business continuity in the event of information theft or other data-related disruption.
Studies show that 94 per cent of organisations that suffer severe data loss, for any reason, do not recover. But GDPR compliance needn’t be scary. Here are a few relatively easy ways to meet GDPR requirements and avoid potentially damaging interruptions to your business.
Data protection
GDPR is primarily concerned with the protection of sensitive, personal data, for your business and clients. GDPR legislation requires all companies to take appropriate measures of “protection against unauthorised or unlawful processing and against accidental loss, destruction or damage” (Chapter II, Article 5(1)(f)). You can prevent data breaches and security leaks by investing in effective security software. Beyond sophisticated software, adopting simple security habits can potentially assure your business continuity.
Use complex passwords
Password-protected data is only safe if you use complex passwords. If you regularly use the same easy-to-remember passwords then it’s likely that your accounts are easy to hack. To reduce vulnerability to sophisticated cyberhackers, we recommend using a combination of letters, symbols and numbers in every password. Random password generators are a useful tool for creating codes that are almost impossible to crack. Also, don’t use the same password for multiple accounts!
If you are concerned about forgetting your passwords, you can rely on an encrypted password storage service. But you should aim to change your passwords every 60 or 90 days, to minimise the risk of a future cyberattack.
Lock your desktop when you’re away
If you leave your desk, even if just for a minute, it’s important to lock your computer screen. There are multiple shortcuts to make this easy, using your mouse or keyboard. Pressing the Windows key + L on a Windows computer will offer the option to lock your screen; whilst Command-Control-Q will instantly lock a Mac.
Install anti-virus software
Most people are familiar with anti-virus programmes and may have already installed a basic software package. However, for your anti-virus software to be truly effective, you must regularly install new updates and bug fixes. The easiest way to make sure you’re up to date is with an ongoing support retainer from a trusted IT team.
Rather than blindly trusting that your documents are protected, we also recommend continuous monitoring. Remote IT support teams will regularly check that your anti-virus system is up-to-date and working as it should be. Reactive support for your security software means that any issues can be dealt with swiftly.
Implement two-factor authentication
Two-factor authentication requires a user to input two passwords, or answer two security questions, before gaining access to certain files or functionality. This additional layer of security makes it substantially more difficult for hackers to access sensitive data.
Most cloud service providers, including Apple, Google and Microsoft 365, provide the option to switch on two-factor authentication. It’s a simple security measure that allows you to verify users and manage access restrictions easily.
Encrypt your hard drive and cloud files
Disk encryption converts your files, operating system, software programmes and sensitive data into unreadable code. Rest assured, encryption doesn’t affect the day-to-day usage of your computer; but it does make it incredibly difficult for hackers to decrypt and interpret your data if any devices are lost or compromised.
Business continuity in the event of a data breach
A data security breach and even an accidental loss of sensitive information both carry legal obligations under GDPR. For example, you must notify your clients within 72 hours if their personal information may be at risk. However, beyond the legislative implications of a data breach, it’s vital to have a business continuity plan in place. Secure backup and clear processes will help to minimise disruption to your business.
Manage your systems remotely
Among a multitude of security features, cloud-based systems allow you to manage your company’s data from anywhere. This means that, should a hacker gain access to your sensitive files, you can delete them from a distance.
Article 17(1) of GDPR states that a “data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay”. This means that your clients and customers can request that you delete their identifiable data immediately. The easiest way to do this is with remote management of your storage. Remove records from all connected devices in one step, to comply with GDPR requirements.
Regularly back up your data
Safeguard your data by storing a copy off-site, in a secure cloud data centre. Using multiple backup locations protects against both physical disaster and digital danger.
Manual backups alone may not be sufficient to ensure business continuity after a full system restore. Can’t remember when you last backed up your vital business data? Then it was probably too long ago already. Choosing a managed, automated backup service, like trustbackup, will ensure that your data is safely backed up as often as every ten minutes. Backup management adds extra peace of mind, to ensure that your files are not corrupted or lost during the process.