One year on from GDPR, here are some simple tips to comply with the law and ensure seamless business continuity in the face of a data breach.
It has been 12 months since GDPR was enforced, and there are many who are still not fully compliant with the new law. Here are a few steps to simplify the jargon and help to meet GDPR requirements. Ultimately, compliance with this law will help to ensure seamless business continuity in the face of a data protection breach.
Whilst the majority of businesses have worked hard to implement the necessary data security measures, many have failed to meet requirements. In the first year since GDPR was enforced, total fines of €56 million have been issued. Beyond following basic steps towards compliance, companies also need to have a firm contingency plan defined for a security breach.
The EU’s GDPR was enforced to protect sensitive, personal data, for your business and clients. Studies show that 94% of organisations that suffer severe data loss, for any reason, do not recover. Information theft can result in legal fines, costly software investment, and potentially irreparable damage to your reputation. That’s why we’ve put together a simple guide of easy ways to meet GDPR requirements and avoid interruptions to your business.
The first step to protecting your business data should be to invest in effective security software and support. Beyond investing in sophisticated software, adopting simple security habits can help to protect your business continuity.
Data breaches are not only caused by cyberhackers. Leaving your desktop unlocked when you’re away from your desk gives passers-by easy access to any sensitive data on your machine.
There are multiple shortcuts to lock your screen, using your mouse or keyboard:
On a Windows computer: press the Windows key + L.
On a Mac: press Ctrl + Cmd + Q.
Password-protected data is only safe if you use complex passwords. To improve your security against cyberhackers, we recommend using different passwords for every account. Your passwords should include a combination of letters, numbers and symbols. Try using a random password generator online to create codes that are almost impossible to crack. We also advise changing your passwords every 60-90 days.
If you are worried about forgetting your new passwords, we offer a secure password storage service. By encrypting your user information in our cloud storage centre, you can access each password whilst outsiders will never be able to decode the data.
Two-factor authentication provides an additional layer of security by making it more difficult to access sensitive data. By enabling two authentication barriers, users must input two passwords or security answers to gain access to certain files or functionality.
Most cloud service providers offer the option to switch on two-factor authentication. We recommend using SharePoint and OneDrive for instant collaboration tools with easy-to-manage security measures. Microsoft’s cloud systems make it easy to toggle two-factor verification on and off for certain users and manage access restrictions to certain files.
Storing data in a central cloud location means that no single device contains valuable company data, at any time. This protects your files from physical or cyber theft.
To further enhance your cloud security, our trustbackup service comes with secure encryption as standard. Encryption converts your backup (including files, operating system, software programmes and sensitive data) into unreadable code. This makes it incredibly difficult for hackers to interpret your data if they manage to breach your system. Meanwhile, you can access your encrypted files instantly, to maintain day-to-day efficiency.
If you have installed antivirus software or an access firewall, it’s easy to assume your documents are protected. Yet effective antivirus software requires you to regularly install new updates and bug fixes. The easiest way to make sure you’re up-to-date is with an ongoing support retainer from our remote engineers. We will monitor your systems to check that your data protection systems are working as they should be.
If your organisation falls victim to a data breach, or even an accidental loss of information, you must have a clear recovery process in place. Whilst adhering to legal obligations, it’s important to minimise disruption to your business. The following practices should help you to bounce back from a cyberattack:
Cloud-based systems and hosted desktops allow you to manage your company’s data from anywhere. You can remove records from all connected devices in a single step. This means that if you face a security breach, you can delete or restrict access to your sensitive files from a distance.
What’s more, Article 17(1) of GDPR states that clients and customers can request that you delete their identifiable data immediately. The easiest way to do this is with remote management of your storage.
Regular backups are vital for business continuity. A full backup will allow you to restore your entire system, without losing any data. The safest way to store your data is off-site, in a secure cloud data centre. Using multiple backup locations protects against both physical disaster and digital danger.
Remember: manual backups alone may not be sufficient to ensure business continuity after a full system restore. If you can’t remember when you last backed up your vital business data, then it was probably too long ago!
We recommend investing in an automated, managed backup service, like trustbackup. We can configure automated backups to save your data as often as every ten minutes! For extra peace of mind, a managed backup service ensures that your files are not corrupted or lost during the process.
In the event of a security breach, a clear data recovery process is vital to keep your business running. Beyond backing up your data in a secure location, we recommend checking your backups regularly. It’s vital to ensure that your backup service is working as it should be, before it’s too late.
You can check your backup by attempting to retrieve deleted documents from the cloud. Or, for total peace of mind, you may want to practise a full system restore. Like a fire drill, performing a dummy restore can help to prepare you for the unlikely event of a security breach.
A year after GDPR was enforced, data protection is as important as ever. With the right systems in place, your organisation can meet compliance guidelines and operate without disruption. Get in touch with our expert IT Consultants for personalised advice on internet security or further details about our services.