The last week of January is Data Privacy Week, which “underlines the importance of valuing and protecting personal information,” according to the Office of the Privacy Commissioner of Canada (OPC).
As a business or organization, that means understanding your responsibilities in collecting, sharing, and using personal information. The OPC has provided a Privacy Guide for Businesses that outlines 10 best practices. It also offers tips for individuals who want to protect their data.
In addition to this important information, we thought we would also take this opportunity to discuss how businesses can protect their data from being stolen, or shared inappropriately.
Here are five ways you can protect your data:
Prevent sensitive data from being shared
Within Microsoft 365 are Data Loss Prevention (DLP) policies that can be implemented to keep sensitive information — such as financial data, proprietary data, credit numbers, etc. — from being shared inappropriately. By applying DLP policies, you can protect all documents that are saved within Microsoft 365 applications such as Word, Excel, Teams and SharePoint. Learn more.
Secure your physical devices
There are any number of ways to lock down physical devices. One of those is conditional access. It allows you to set up conditions for access to physical devices. For example, say you only want to allow staff to log into computers that the network identifies. That means if an employee tries to log into the network from an unauthorized computer, he/she won’t be able to do so. That’s because the device hasn’t met the criteria to log in.
Have a clean-desk policy
You know that sticky note on your desk with the password to log into your computer? Well, if you can see it, so can everyone else — and that means your system can be logged into by anyone. Take a moment to look around and see what important information is being stored in plain sight. And be secure when leaving your workstation unattended. Pressing the Windows Key + L at the same time locks the computer quickly.
Use password best practices
In addition to cleaning up your physical space of sensitive information, it’s also important to lock down your passwords. When creating passwords, consider length, as well as complexity. When multi-factor authentication is not available, studies have shown that long (and easy to remember) passwords are more effective at stopping brute-force attackers than special characters. Also, don’t reshare the same password across multiple logins as you are more vulnerable to a widespread attack.
Beware of phishing
One of the main ways that hackers try to obtain access to your organization’s protected information is by phishing — users mistakenly click on a link or download an attachment with malware. You can put protections in place, such as Microsoft’s Advanced Threat Protection. But there’s an even easier way to protect yourself. Here are a few ways you can detect a phishing email.
We would be happy to assess your company’s security processes. Contact us today to book an assessment.