We all handle data in one way or another. Whether it is a trail of emails with company information, sharing a spreadsheet with a colleague or accessing a remote database, data is constantly moving around our workplace. Unfortunately, it is becoming increasingly easy to access company data, and following a number of recent high-profile hacks we have devised a simple 5-step guide to increasing your data security.

 


Rule 1: Be Paranoid

This rule applies to all digital security, both personal and professional. Start with the assumption that you are a target and you are hackable. Many companies believe that their data is not valuable and that they will not be targeted, until they are hacked, of course! So, remember, your data is always valuable. It’s a common misconception that your data must contain credit card details to be of some worth, but the truth is that your data may still hold other private information, such as names and email addresses, or confidential IP that makes your business competitive. So, always be paranoid, at least for your customers’ sake!

Rule 2: Don’t use Email

One of the biggest failings of the modern workplace is email. Not only is it inefficient, it is also terribly insecure. Copies of your data can remain sitting on your email server for a long time in an unencrypted form. The best solution for this is to transfer data using a secure server with an encrypted connection, like SFTP. For the non-tech-savvy, Google Drive or Dropbox are still an improvement over email and very easy to set up. There are also paid services such as SpiderOak that take the hassle out of encrypted file sharing and backups.

 

Rule 3: Know where your data lives

Data resides in many places within an organisation. While most data is housed in a central database, other data will live on employees’ laptops, or in remote backups. These other data locations are often overlooked, but are just as important as your central database. Securing your main database with high-level security protocols will mean nothing if your backups are unencrypted. This task is especially difficult when data can be ‘hidden’. A good example of this is sharing a graph made with the visualisation software Tableau. While the visualisation is meant to be shared, the underlying data used to create it may contain whole datasets. This means an unaware analyst can drop in an entire customer database, and then share it on the back of a simple graphic visualisation.

 

Rule 4: Protect Anonymity

To paraphrase the Bible, “Do unto others’ personal data as you would have them do unto your personal data”. We know that staring at thousands of lines of data very much removes the ‘human element’, but remember, the humans behind that data trust you to keep their data safe. In the recent Equifax hack, millions of Americans had their Social Security numbers and birthdates stolen. What makes this breach particularly bad is that these numbers are permanent and may pose a threat to their digital lives forever. In order to protect anonymity, only provide the minimum amount of data and de-identify the data using anonymised tokens in place of names.
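One way to apply both halves of this rule before a dataset leaves your hands, shown as an added example rather than anything from our own tooling: drop every column the recipient does not need and replace the identity columns with a keyed token. The column names, sample rows and key below are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample export; the column names and rows are made up for illustration.
SAMPLE_CSV = """name,email,date_of_birth,postcode,order_total
Alice Example,alice@example.com,1984-03-12,2000,120.50
Bob Sample,bob@example.com,1990-11-02,3000,75.00
Alice Example,alice@example.com,1984-03-12,2000,42.10
"""

IDENTITY_FIELDS = ("name", "email")   # combined into one token, then dropped
SHARED_FIELDS = ("order_total",)      # the minimum the recipient needs


def make_token(key: bytes, *values: str) -> str:
    """Keyed HMAC-SHA256 token: the same person always maps to the same token.

    A plain unkeyed hash is not enough here, because names and email addresses
    are guessable and could be recovered by hashing a list of candidates.
    """
    normalised = "\x1f".join(v.strip().lower() for v in values)
    digest = hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:16]  # shortened for readability in this example


def deidentify(csv_text: str, key: bytes) -> list[dict]:
    """Return rows holding only a customer token plus the shared fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        out = {"customer_token": make_token(key, *(row[f] for f in IDENTITY_FIELDS))}
        out.update({f: row[f] for f in SHARED_FIELDS})
        rows.append(out)
    return rows


if __name__ == "__main__":
    # Assumption: in practice the key comes from a secrets store and is never
    # sent along with the de-identified data.
    demo_key = b"constructed-demo-key-do-not-reuse"
    for r in deidentify(SAMPLE_CSV, demo_key):
        print(r)
```

The recipient can still group orders by customer because the token is stable, but cannot map a token back to a name without the key, which stays with you.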

 

Rule 5: Be up to date

Keeping your software up-to-date is a great habit, but like many habits, it is easy to ignore. That annoying alert in the top corner of your screen that you ignore day after day might be a security patch that protects you against malware infections. Many recent ransomware attacks would have been preventable by simply upgrading to the most recent operating system.

 

Lastly, these steps are no panacea, and it is important to keep your personal phone, laptop and digital life in check as much as your business one. At a minimum, start by using two-factor authentication (especially on your email account, where a hacker can gain access to reset all your other passwords), use complex passwords (and don’t use the same one everywhere!), and encrypt your personal data and hard drives.

 

This is just a collection of strategies we use at Bold.Voyage to keep our clients’ data safe. We only ever send and receive data via encrypted protocols (such as SFTP or Dropbox), and we also have a secure drag-and-drop interface for our clients to share data with us.

 
