5 Things Companies Can Do to Protect Data & Prevent Security Breaches
In Singapore, personal data protection is governed by the Personal Data Protection Act (PDPA) and it enforces that every organisation should know how to protect data it’s responsible for, whether it is data relating to the organisation, their staff or their clients.
Learn how you can prevent security breaches and protect data that is under your care with these essential data breach prevention tips:
Establish Security Policies
- An organisation can benefit significantly by implementing robust security policies, like a Shred-it all policy. With the right policies in place, the burden of deciding which documents should be shredded and which can be otherwise discarded, can be lifted off the shoulders of employees. By shredding every document, the risk of a physical data breach is kept at a minimum. Companies are also encouraged to regularly review their policies and procedures to make sure they are relevant and up to date.
- An office worker uses an average of 10,000 sheets of paper per year. Amongst these papers, there is bound to be confidential data. However, many organisations tend to dispose of paper documents in an unsecure manner such as with other rubbish from the office or via recycling bins. These companies may be completely unaware of which documents have private information on them and what happens to them once the paper is removed from the office. By shredding documents before they are disposed of, the data is destroyed thereby preventing a data breach if it were to fall in the wrong hands.
Hard Drive and Media Destruction
- It is a common misconception that the right way to dispose of data on hard drives is to erase or reformat it. However, a recent study by the National Association for Information Destruction (NAID) found that on 40 percent of devices resold via resale channels contained personally identifiable information, including credit card information, contact information, usernames and passwords, and more. To prevent security breaches, you should destroy your hard drives and other data-carrying media. This is the most secure way of protecting sensitive data.
- Many data breaches occur because of human error. The best security systems can’t help your organisation if employees do not understand their roles and responsibilities in protecting sensitive data. By investing time and resources once a year into properly training staff on security policies and issues, employees will be able to understand the value of protecting data and be more aware of their role in ensuring that data is kept safe. In Singapore, the PDPA has a local certification programme for data protection officers to better equip companies in the way they protect their data
- When it comes to protecting soft copies of data on devices, you might think that implementing a password would suffice. However, getting through passwords is relatively easy for hackers and doesn’t stop them from stealing confidential data. Take, for example, the big Yahoo breach that dated back to 2014. The hack was only uncovered two years later. This shows that even if encrypted data is secure today, it doesn’t mean it will stay that way. Encrypting devices adds an additional layer of security and makes it harder for third parties to access them. Furthermore, protocols can be put in place to wipe data from devices if unauthorised access is detected. These steps will help protect the data in case the device ever falls into the wrong hands.
The first step you should take is to assess the workflow of your organisation and spot weak spots in the system that you can improve on to ensure a secured work environment. By following these steps, you will be able to avoid becoming one of these organisations.