Last year, we explored the importance of protecting your digital footprint. This means restricting what personal data is freely available online, or accessible with a bit of digging. This advice also applies to organisations. Your own personal footprint can still affect the online safety of your organisation – for example by divulging corporate movements, policies and procedures on social media or in your out-of-office message. Organisations, in contrast, generate, collect and handle vast amounts of customer data, internal communications and intellectual property. By actively managing the security of this data, they can build trust, stay compliant with regulations and help avoid breaches.
1. Assess the necessity and relevance of stored data
When conducting any form of assessment, it’s important to review the types of data collected and how they are collected. Just as individuals question the relevance of personal data collected by apps, organisations should critically examine why they’re gathering specific data and what it’s used for. Limit collection to what’s necessary for business operations; holding less data reduces risk and helps prevent potential breaches. If you need to be GDPR compliant, each use of the data must be disclosed to the user, who must be able to opt out of it.
2. Implement role-based privacy settings
Privacy settings aren’t just for personal accounts; they’re essential for enterprise data security. Tailor access to sensitive information to each employee’s role, minimising the risk of accidental exposure or unauthorised access. We call it the rule of least privilege. For example, in a spear phishing attack a criminal may ask an employee to transfer money, grant access or complete some other task. Even if the employee doesn’t spot the phish, their access level should mean they are unable to complete those tasks.
3. Adopt basic cyber security measures
Embrace a multi-layered security approach by enforcing strong passwords or passphrases, multi-factor authentication (MFA), and regular software updates. Every organisation should have a clear cyber security protocol that all employees understand and follow. A good way to ensure this is complied with is to make a password manager, an IDAM (identity and access management) system to manage access to the network, and an authenticator app standard parts of staff onboarding.
4. Educate and train employees
Data privacy isn’t just a technical issue; it’s a cultural one. Invest in regular training to help employees recognise phishing attacks, understand data privacy policies, and know best practices for securing sensitive information. Our bite-sized courses are perfect for this, as they don’t disrupt the day with lengthy certifications, and our phishing simulations are customised to the sophistication of the learner, so that however knowledgeable they are, there is always a lesson in the simulation.
5. Regularly audit and update privacy policies
Privacy settings and policies need regular review and updates to remain effective. Establish an audit system to ensure that data privacy measures are current, compliant, and aligned with best practices and regulations. This doesn’t have to mean a company-wide PIA (Privacy Impact Assessment), but any time a new piece of software is introduced or a new product is launched, it is good practice to test it against your current policy to ensure that you are still doing what you say you are doing with the data you collect.
By proactively taking control of data, organisations can protect themselves, their clients, and their reputation in a digital-first world.
Download our free resources to help you, your organisation and community navigate privacy best practices with confidence.