If you haven't heard, the EU's General Data Protection Regulation (GDPR) came into effect in all EU nations on Friday, May 25th, to increase the security of its citizens' personal data. GDPR compliance is also expected from businesses that provide products or services to customers or businesses within the EU. Compliance could include:
- Pseudonymization: keeping personal data separated to prevent user identification
- Complete transparency with the customer
Businesses are required to tell users what data is held on them, when their data is breached and how to access their data.
Keeping Customer Data Safe Includes Employees
Keeping data safe is not an easy task because it requires constant monitoring and adapting to counter ever-evolving cyberthreats. 2017 is deemed the "worst year ever" for cybersecurity, with 159,700 total cyber incidents compared to 82,000 in 2016 (OTA). Not to mention, Uber, WannaCry, Equifax, Meltdown and Spectre all happened within the last year. However, the OTA reported that 93% of the breaches were avoidable by "regular patching" and simply paying attention to any and all signs of vulnerabilities.
Prevention also includes updating processes that involve employees. Kaspersky Lab surveyed 5,000 companies worldwide and found about half (46%) of the cybersecurity incidents last year were caused by "careless/uninformed employees". The good news is that Kaspersky provides some insight into tackling this issue:
"Having security policies is not enough...staff training is essential in raising awareness...to cyberthreats and countermeasures"
Why It Matters
Securing data is more important than ever with GDPR and the challenge to do better than 2017. Ultimately, satisfying customers is at the heart of every good business, and keeping their data safe is a high priority in meeting that goal. Here are a few tips to help equip your employees to go up against cybercriminals. These tips come from a few members of our very own IT Support Team here at XenWinGo.
1. Know How to Identify a Phishing Email
You've probably heard the term "phishing" thrown around before, but what exactly does it mean for securing data? Phishing emails are sent by cybercriminals who pose as a credible identity to trick users into giving up private information.
The best way to avoid accidentally handing over information is to know how to identify these tricky emails. Steven from our IT Team says that a key identifier is a misspelled or completely incorrect email address. This could be letters switched around, letters missing or the wrong email domain (email@example.com instead of firstname.lastname@example.org). However, it is highly recommended to contact your IT team to help you identify any suspicious emails.
2. Instill Great Password Etiquette
Passwords are arguably the most important safeguard for keeping any data safe, but they are almost always abused. Our IT Team recommended several practices for great password etiquette:
- Don't share logins - have your own account or user ID
- Don't type or write down your password on a computer or on paper (including emailing it to yourself)
- Change your password every 90 days if you can
3. Get Formidable Software: FortiClient
Training employees for a better cybersecurity approach is very necessary, but don't forget to set your first line of defense. Issac from our IT Team suggested Fortinet's FortiClient. It's a malware detection and antivirus software that runs on your computer and allows you to quarantine your computer when there is a threat. Detection software will help you find vulnerabilities and patch them right from the start.
4. Back Up Your Data Regularly
By regularly, Steven and John from our IT Team mean every 3 months (or every month for companies with a high influx of data). Backups don't only help you with disaster recovery, but also with security. Backing up data involves storing your data somewhere else, which helps you protect the integrity of a customer's data.
5. Don't Download Strange Things
As tempting as it may be to download attractive eBooks or guides no matter what the source is, know that it could be a scam. Be aware of what you download onto your computer. Steven pointed out some key identifiers of suspicious files such as:
- .exe files
- small PDFs (100 KB or less)
- unrecognizable file names
It's very important to reach out to your IT support team whenever there is anything suspicious. Adopting these tips into your security plan and educating employees on them will help you keep your customer data safe.
How secure is your data, and your customers' data, really? We can help you find that out. Contact us for a FREE Consultation and we'll talk security.
GDPR | Pseudonymization | TechRepublic - Half of IT Security Incidents are Caused by Company Employees | Security Intelligence - Half of Cybersecurity Incidents due to Employee Negligence... | Kaspersky Report | OTA Report | TechRepublic - 2017 was Worst Year Ever in Data Breaches | Photo by Kaitlyn Baker on Unsplash