On Data Privacy Day it is a good time to review best practices for protecting your company’s data. Not only will these strategies reduce risk for your company, but they will also help to build confidence with your customers when they realize that you take data privacy seriously.
- Minimize access to data – Only grant access to data for those that require it to do their job.
- Minimize amount of data – Only grant access to the minimum amount of data necessary to complete a project or task. It can be tempting to pull in more data just in case it is needed or because it may be easier to provide data.
- Delete data when it is no longer needed – If you don’t need to keep a copy of data, delete it when you are done. This prevents the possibility that an unauthorized person might access the data in the future.
- Store data in approved locations only – Make sure you store data in approved locations only. Check with your company before putting company data on a USB storage device for example or emailing company data to your personal email account so you can work on it at home.
- Only access data from approved devices – It can be tempting to use non-work approved devices for work purposes. Especially with so many of us working remotely. Company IT groups put in a lot of time and effort to make company equipment as secure as possible. By accessing company data on non-work approved devices you are bypassing this security and increasing the likelihood that company data could be compromised.
- Define your data – Make sure everyone in your company understands the different categories of data you have, where that data can be safely stored and how to handle data in each category.
- Know where your data is at – Do you know where your company data is saved? Sure, you can find it in expected, approved locations, but what about in unexpected or unapproved locations? Do you go out of your way to search for data in places it should not be and then take appropriate steps with your end users making sure they understand how to properly handle data? Are you monitoring company email for sensitive data leakage?
- Transmit data using encryption and tools that automatically delete data after a set period of time – If you need to send sensitive data to someone avoid putting that data directly in an email. Data tends to live in email systems for a very long time. Instead, take advantage of services that allow you to offload sensitive data to a secure email that keeps sensitive data outside of email systems. This allows for verification of person accessing data and also allows data to be deleted within a short amount of time once it is accessed.
- Train your end users – It is critical that your end users understand what is expected of them. It should also be made clear to them that protecting data is not just the job of your IT group or compliance team. Executives need to make it clear from the top that it is important for everyone to safeguard data. Make this understood at all levels of a company and within all teams.