Drafting a responsive corporate data security policy is a prerequisite in today’s business culture due to the rapid increase in cyber-attacks. These cyber-attacks are targeted towards businesses that have not set up adequate security protocols; once their network has been breached, hackers use sensitive information to blackmail the business or use the information for their own advantage. According to numerous studies, these cyber-attacks are heavily targeted towards start-up businesses or small businesses, as they have not implemented effective security policies. However, recent experience proves that even larger businesses and organisations are not immune from cyber-attack.
Every business must take substantial steps to protect its private information; this can only be achieved by drafting an effective, responsive corporate data security policy. Since there are so many different factors to consider when developing a data security policy, many businesses tend to miss the core factors which ensure optimum data protection. In this article we set out a list of important elements that should be included in every corporate data security policy:
1) Establish Password Management
Every business should introduce a policy mandating that employees create complex passwords that are periodically changed. This policy should apply not only to employees who have access to sensitive information but to every single employee in the workforce. Some companies prompt their employees to change passwords every 6 to 12 weeks, with old passwords not being reusable for at least 12 months.
2) Internet Usage Should Be Governed
Another core element that should be included in every data security policy is stringent governing of internet usage. Every organisation should determine what kind of access each employee gets when using company IT assets. This will help productivity and will also protect corporate social security concerns. Many data security breaches can be traced back to social media accounts. Every business should implement strict policies which govern what kind of business information employees can share on social media platforms - whether on business or personal accounts.
Sensible internet access practices are easy to enforce in an office, but less so when employees are working remotely, and it is no longer feasible for most businesses to impose a blanket ban on social media access. Instead, you should take care that personal internet use and business internet use are carefully segregated when employees are using mobile devices – for instance by only allowing network access on approved devices, or requiring remote login through a secure VPN.
3) Implement Two Factor Authentication
One of the most effective ways a business can protect itself is by implementing a two-factor authentication process for employees who have access to sensitive information. Not only will this improve the integrity of the company’s security protocols, but it will also help keep hackers at bay. A two-factor authentication process, like that used by Internet banks, is relatively cheap to set up and is easy to manage through a third-party service.
4) Safeguard Data Privacy
5) Manage Email Usage
Many corporate data breaches occur when employees misuse email or do not understand that their email usage could result in theft, viruses and ransomware. Every employee should be trained to identify phishing attempts and avoid accepting emails from unknown sources.
6) Securely Dispose of Old IT Assets
Data security also involves how information is handled before assets are reused, recycled, sold or disposed of. Most commercially available data cleaning processes do not completely remove sensitive data from hard drives. The files remain in place, albeit in a scrambled and corrupted format. It is possible, with the right tools, to extract a lot of sensitive data, even from hard drives that are supposedly clean. For this reason, businesses should either invest in adequate data sanitisation software and data shredding facilities, or outsource this function to a business such as ourselves. For a modest charge, we provide complete accountability and peace of mind that your data is destroyed when no longer needed, drastically reducing your risk of cyber-attack or data leak.