4 areas any robust data security policy should cover

Written on the 1 December 2022 by Janet Culpitt

No matter the size of your business, maintaining robust a data security policy is an important tool to help protect against theft or loss.

Businesses need to capture more data than ever, but as recent headlines show, it’s not always easy to securely store and maintain it.

Data loss or compromise can cost companies dearly: in fact, IBM research indicates the global average total cost of a data breach is around $4.35 million in 2022.

And with high-profile breaches occurring regularly, posing a threat to both individuals and organisations, the onus is on everyone to make sure the principles of data protection are understood and communicated clearly.

For businesses, the stakes are high, so the best thing to do is act now to incorporate security processes into a business-as-usual approach to data protection – and that includes the creation, review or updating of your data security policy.

If you’re in the process of reviewing or writing a new data security policy, here are four key areas that should be covered if you’re to maintain vigilance against data theft, loss or leaks.

1. Advise on the proper use of devices

Provide direction on where and how your staff should keep their devices and tell them that if a company device is lost or stolen, you need to know immediately.
Keeping devices up-to-date with the latest software is also a core aspect of data protection your employees need to know about.

The Australian Cyber Security Centre recommends turning on automatic updates for operating systems, to regularly check for software updates when automatic updates aren’t available, and install software updates as soon as they arrive.

2. Create best practices for password security

Enable multi-factor authentication to make sure only legitimate people have access to your business data.

If you don’t have multi-factor authentication enabled, you may want to encourage employees to use passphrases (a longer, sentence-like string of words) instead of a short word.

Passwords can be very easy to guess, whereas a passphrase can be anything, making them highly secure while still being easy enough for the individual to remember.

Using a secure password manager may also be a good solution for your employees to stay on top of all their accounts.

3. Educate employees about phishing and other scams

Using an anti-spam filter limits the number of phishing emails that your employees may receive on their work accounts, but they still need to be alert to scams and business email compromise attacks.

Train your team to question the unusual, such as payment or personal information requests over email.

In these instances, employees should seek verification face-to-face or via another channel, because a cybercriminal may have infiltrated someone’s email and be impersonating them.

4. Don’t forget employee offboarding processes and policies

When staff leave your employment, they should return all their company devices and equipment.

In addition, it’s equally important to remove leavers as a user from company systems, so they’re not able to continue to access your business data and intellectual property for personal gain or the benefit of their new employer.

Act now to protect sensitive business data

Daily practices and constant rigor are crucial for reducing data security risks in all businesses.

It’s important not to leave matters to chance, but to put a proactive plan in place that incorporates data security, storage, back-up and recovery.

The final but perhaps most important element is your team. Whatever their role in your business, train your staff to do what they can to prevent data loss or leaks.

Source: MYOB October 2022

Reproduced with the permission of MYOB. This article by Peter Wolski was originally published at https://www.myob.com/au/blog/data-security-policy/

Important:
This provides general information and hasn’t taken your circumstances into account. It’s important to consider your particular circumstances before deciding what’s right for you. Although the information is from sources considered reliable, we do not guarantee that it is accurate or complete. You should not rely upon it and should seek qualified advice before making any investment decision. Except where liability under any statute cannot be excluded, we do not accept any liability (whether under contract, tort or otherwise) for any resulting loss or damage of the reader or any other person.

Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.