Data Protection: 5 tips for your business

Table of Contents
How to protect your business data
With GDPR regulations and the increasing threat of black hat hackers accessing your data… what can you do to ensure your business is safe?
1. Automate Software Updates
It is vital that your operating systems be kept up to date to minimise security risks. The most efficient way to do this is by automating any available updates, keeping your security up-to-date too.
By turning automatic updates on, you can be reassured that employees are using the most up-to-date software. PCs will automatically install security bugs and patches for the operating system as developers come up with new ways to prevent malware attacks and hackers from accessing user data.
2. Take care of privacy settings on Mobile devices
When setting up a new mobile device or downloading an app, privacy settings are important to be aware of within your company policy. The permissions you give to a certain device system or app could grant access to hackers.
For example, some apps request the user’s location, which is fine for certain location targetting apps and GoogleMaps, but not for other applications. Always be wary – some applications may request contact details and other sensitive information which, once given, you won’t be able to get back.
Continue to check what information employees are offering to their devices via mobile settings and app permissions.
Control app permissions on Android.
Control app permissions on iPhone.
3. Watch out for Impersonators
With communication in the online world being mainly through email and messages, you often don’t directly see who you are talking to.
To prevent phishing attacks within your business, encourage employee training when it comes to emails. It’s advisable to put steps in place for recognising emails that could put your company data at risk.
Always read emails carefully and look for elements like spelling mistakes, mistyped email addresses and unforeseen attachments. If the email looks like a potential scam, delete or report it to security management. If you are ever unsure if an email is genuine, call the sender and ask them directly.
Sometimes impersonations go as far as to copy genuine reputable sites, such as banking and social media logins. Always look for the HTTPS:/ and lock icon left of the webpage link, these tell you a site is genuine.

4. Know the signs your data has been breached
Sometimes you cannot tell your data has been breached until it is too late. But there are still things you can do to prevent an imposter from getting more information and causing more damage. Look for the warning signs that someone else is using your data.
- Someone tells you they have received an email from you which you did not send.
- Small transactions leaving your banking account which you did not pay for. Sometimes imposters do this to siphon money without the account owner realising.
- Unwanted posts coming from your account on social media. This is common and if one of your social media accounts has been hacked, others may have too.
5. Destroy old data and dispose of IT equipment properly
Client information, once finished with, needs to be completely destroyed or wiped under GDPR law to prevent unwanted users from accessing information. If data is not disposed of appropriately, hefty fines of millions of pounds can be issued by the ICO.
It is essential to destroy data held on devices are through a certified recycler. Destruction via a recycling company allows for complete ease of mind from data leakage and provides you with certificates of destruction to prove to clients their data has been handled properly.
Advice on the Right to Erasure by the ICO – go to page 116.