The biggest changes you need to make to your data protection in 2020
Some big-name businesses felt the full weight of data protection laws in 2019 after a number of high-profile data breaches were revealed. In July, Capital One fell victim to an insider cyber-attack that cost them more than $300 million. Later that month, British Airways also received an eye-watering £183 million fine thanks to its JavaScript vulnerabilities. And while the case is still ongoing, Marriott Hotels has been billed £99 million thus far for insecure cash registers across their establishments.
With this in mind, it’s clear that no business, no matter how big or small, is immune to security breaches and data leaks. It’s also clear that the governing bodies are taking GDPR very seriously and are not holding back on penalising the offending companies. As such, it’s vital that you do all you can to remain GDPR compliant and put data protection changes into practice.
As we begin a new year (a new decade, in fact), now is the perfect time to revisit your security measures. During the course of 2020, and throughout the future of your business, it’s likely that the volume of data you’re collecting will increase, as will the risk of a cyberattack. To be prepared, you need to make some important updates and changes to your data protection this year. Here’s how to do it.
Keep educating your team
Regular GDPR training and updates are important for all staff, no matter their level or position, because human error is one of the biggest risks to data security. Even where an error or act of negligence was not intentional, it can still land you in trouble and facing a pretty hefty fine. So it’s best to take precautions and ensure you’re always improving your team’s awareness of data protection changes and of their responsibilities as employees to keep this data safe. This is particularly true for those on your finance team and anyone else who handles sensitive data on a daily basis.
Monitor data usage and put access controls in place
If you haven’t already, you need to implement access controls that restrict access to sensitive information, for example financial records, and to the applications where this data is stored. This enforces authentication and helps to ensure that only those staff who are authorised to look at or use this data can get to it. It is an important way of protecting sensitive information and can stop it from ending up in the wrong hands. Use two-factor authentication for increased security.
Following on from this, you need to make sure that you’re monitoring all data usage and access. This means keeping logs of who has access to what information, where people are logging on from, which devices hold sensitive data and who uses those devices. It might sound like a lot of work, but it really helps when running risk assessments, auditing data or finding the cause of a breach.
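As an added illustration of the two points above (not code from the article), the sketch below routes every read of sensitive data through one gateway that checks the user’s role and whether two-factor authentication was completed, records each attempt in an audit log, and can later answer “who touched this record, from where, and on which device?”. The role-to-resource mapping, user names and events are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role -> resources mapping; a real deployment would load this from its IAM system.
PERMISSIONS = {
    "finance": {"financial_records", "payroll"},
    "hr": {"payroll", "employee_files"},
    "sales": {"crm"},
}

@dataclass
class AuditEntry:
    when: str
    user: str
    role: str
    resource: str
    source_ip: str
    device: str
    allowed: bool

class SensitiveDataGateway:
    """Single choke point for sensitive reads: authorise, then log the attempt either way."""

    def __init__(self):
        self.audit_log = []

    def access(self, user, role, resource, source_ip, device, mfa_verified):
        # Both conditions must hold: a permitted role AND a completed second factor.
        allowed = mfa_verified and resource in PERMISSIONS.get(role, set())
        self.audit_log.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                         user, role, resource, source_ip, device, allowed))
        if not allowed:
            raise PermissionError(f"{user} ({role}) denied access to {resource}")
        return f"<contents of {resource}>"  # stand-in for the real record

    def who_touched(self, resource):
        """Answer the audit question: which users, IPs and devices touched this resource?"""
        return [(e.user, e.source_ip, e.device, e.allowed)
                for e in self.audit_log if e.resource == resource]

    def denied_attempts(self):
        return [e for e in self.audit_log if not e.allowed]

def run_example():
    """Replay a few constructed access events and return the gateway for inspection."""
    g = SensitiveDataGateway()
    events = [("alice", "finance", "financial_records", "10.0.0.5", "laptop-01", True),
              ("bob", "sales", "financial_records", "203.0.113.9", "phone-07", True),  # wrong role
              ("carol", "finance", "financial_records", "10.0.0.8", "laptop-03", False),  # no 2FA
              ("alice", "finance", "payroll", "10.0.0.5", "laptop-01", True)]
    for ev in events:
        try:
            g.access(*ev)
        except PermissionError:
            pass  # the attempt is already in the audit log
    return g
```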
Secure all devices and encrypt all data
One of the best and most useful ways to protect your data is encryption. Encrypted data is more difficult, and sometimes even impossible, for hackers to decipher, so even if they manage to access your systems, the data is of no use to them. Not only this, but GDPR guidelines state that businesses must do all they can to keep their data safe and secure, including using encryption. So if you’re not already doing this, you really should be! Otherwise, it could be argued that you are not in compliance with data protection regulations.
Another way to ensure your data is safe is by securing all your employees’ devices. This is particularly true now that more people are working remotely or on the move. Not only should you be teaching all staff best practice for working outside the office, but it pays to add multi-factor authentication to their devices (so more than just a password) and to regularly update their security settings. This is also where encrypting your data comes in: if an employee were to log onto an unsecured network (which hopefully they would know not to do anyway) or lose their device, the data on it is still protected.
Prepare for IoT devices
While mobile devices were once the biggest concern for data protection, the Internet of Things (IoT) has since taken over thanks to the rise in vulnerable smart devices. If your business uses any of these devices, for example smart lightbulbs, cameras or speakers, they might be connected to your main network. This presents another opportunity for cybercriminals to access your systems and get to your data. The best way to combat this is by putting security measures in place for IoT devices, turning off non-essential services when they’re not being used and connecting the devices to their own separate, secured network.
Scrutinise third parties
One of the areas where many businesses fall down is scrutinising the third parties they work with. You can become so focused on your own data protection efforts that you forget about the people outside of your business that you work with. You need to ensure all providers or vendors that you deal with are using the data you provide in compliance with GDPR and that they too have effective security measures in place. This ensures that all data is being shared in a secure manner and also that gaps in their security won’t backfire and lead to a breach within your company. It might feel exhausting, but getting on top of every aspect of the data protection changes is crucial in 2020, and that includes checking out all third parties.
Back up your data off-site
Finally, cyberattacks can compromise the integrity of your data as well as exposing it, so it’s a good idea to conduct regular off-site backups. This means you’ll have intact copies of all your data should something go wrong. What’s more, it doesn’t just have to be a cyberattack that compromises your data; natural disasters can do this too. As such, it’s best practice to regularly back up your data elsewhere, whether storing it on physical hardware such as hard drives or uploading it to the more commonly used cloud-based systems we have today.