3 steps to safeguard personal data in your business

.

Protecting personal data is at the core of all conversations around cyber security and data privacy. If leaked, or accessed by an unauthorised third party, it could lead to identity fraud, financial loss and damage to reputation.

In business, we handle all sorts of personal data belonging to our employees and our customers. Without appropriate cyber security measures, you can predict how devastating a breach of this information could be.

This is why understanding what personal data is and how you can protect it is an important risk assessment and data protection activity for your business.

Luckily, Virtuoso is an expert in data security. We will share what personal data is, the risks of obtaining it and how to protect it from threats. We will even share a simple 3 step process you can follow to safeguard data from cyber criminals!

What is personal data?

Personal data is defined as any information that can identify a particular individual, either directly or indirectly. Some examples of personal data include:

• A name and surname
• An email address
• A home address
• Date of birth
• Online identifiers (an IP address, cookies, etc.)
• Location data (e.g. mobile GPS tracking)

As well as these examples, other forms of personal data that are considered even more sensitive that can pose risk if in the wrong hands, include:

• Banking or financial information
• Tax information
• Login credentials and passwords
• Driver’s license information
• Passport details
• Medical records
• Personal phone numbers

What are the consequences of a personal data breach?

If you experience a personal data breach in your organisation it will mean that information belonging to either your staff or customers has been stolen or leaked. This scenario could arise in several ways, including phishing, ransomware, brute force, human error and even trades on the dark web (read our “4 ways hackers steal credentials” blog for more info).

A personal data breach is a serious threat to all businesses! If this information gets into the wrong hands it could lead to:

• Identity fraud
• Financial fraud
• Impersonation
• Loss of confidentiality
• Loss of trust and credibility
• Damage of reputation

If your business is handling personal data, it’s your responsibility to manage it and protect it sufficiently. If this data falls into the grasp of a cyber criminal, it could result in serious consequences for your business and its reputation.

Did you know we work with businesses, like yours, to help them gain Cyber Essentials certifications too? This process involves identifying effective practices to manage data, as well as detecting other security vulnerabilities your business might have.

What is personal information under GDPR?

The UK General Data Protection Regulation, better referred to as GDPR, came into effect in May 2018 and was one of the largest data protection acts ever passed by the EU. As almost every organisation in the EU handles some form of personal data, GDPR was an essential response to the growing need to regulate and protect this information.

As a UK business you must take active steps to prevent the misuse of personal data by complying with GDPR. Failing to do so could result in up to £17 million or 4% of your company’s turnover!

So, what is considered personal information under GDPR?

GDPR Article 4 gives the following definition: “Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

This flexible definition could cause some confusion for those with complex business models, which is where a technology partner, like Virtuoso, is considered hugely valuable. We have helped hundreds of customers appropriately manage and protect their data, ensuring compliance with GDPR and preventing cyber security breaches.

Trying to get your head around GDPR and what it means for your business? Get in touch! Our data security experts are waiting to hear from you.

3 steps to protect personal data in your business

You can protect personal data in your business in several ways! But if you don’t know where to begin, try following these 3 steps:

Step 1: Identify personal data in your business

The first step to protecting the personal data in your business is to conduct a thorough review of the data you process. This will involve going through each area of your business, assessing the information you have on file, why you have it, how long it’s been there and who has access to it.

Trying to figure out where to begin?

This sort of analysis can be exhaustive and is where working with a technology partner like Virtuoso could be of value! Each of our customers is allocated a trusted account manager, who can help them identify the personal data in their business and provide them with actionable recommendations to manage it efficiently.

Step 2: Ensure data platforms are secure

The biggest threat to personal data is access. Without having access to this information, cyber criminals cannot cause harm to your business. That’s why it’s incredibly important to store all sensitive and personal information on a robust cloud-based platform that offers you all the security measures necessary to keep data safe.

But it’s not just deciding which platform to use that matters – it’s also essential that your data platforms are configured with the correct security and permission settings. This could involve only permitting certain members of your team to access the system, or setting up multi-factor authentication (MFA) to ensure data cannot be breached in the case of a credential leak.

Unsure about permissions and access in your business?

Information security can be overwhelming, particularly if your data is spread across multiple complex platforms. When working with an IT support specialist like Virtuoso, you will have access to a team of experts who have a breadth of experience in managing security across many of the world’s leading technologies.

Step 3: Add extra layers of security

Security extends beyond user permissions and system configurations. When handling personal data you must implement modern and advanced security software across your business that can detect and respond to threats as they attempt to infiltrate your business.

There is a whole range of tools and measures to hand that can act as an extra layer of security for your business. This could include:

• Migrating on-premise data to the cloud
• Introducing endpoint detection and response software
• Implementing email security
• Monitoring the dark web for data leaks
• Ensuring software and devices are up-to-date
• Disposing of old data properly
• Training your staff on data security

Puzzled about which extra layers of security are needed in your business?

Luckily for you, cyber security is one of our specialities. We understand that every business is different, which means the security toolset necessary will vary depending on your requirements. If engaging with Virtuoso, we will take the time to learn about your business and the threats you’re most at risk of and design you a bespoke security strategy that will cover all the bases.

Where to go from here?

Data protection and security is a complex minefield, but one you have to get right. A data breach could cost your business money, or worse – its credibility!

If you have questions or concerns around personal or sensitive data in your business, we’re waiting to hear from you. Our team of friendly, experienced technology experts will design you a robust cyber security setup that keeps your business safe from cyber crime.

Don’t hesitate – give us a call today!