13 Jan How to avoid a data protection breach
With the updated Data Protection regulations and GDPR coming into force in 2018, the initial noise and fear has subsided, but the importance of compliance and of avoiding data breaches has not. Most companies will have gone through quite time-consuming, heavily documented processes to demonstrate compliance with the new regulations: changing their systems, training staff and banishing old practices that contravene the rules. The most important question now is how you continue to avoid a data breach on a daily basis, when there are so many access points, risks and operating complications that make elements of it hard to lock down.
The recent Government data breach has again thrown this topic front and centre. It also gives us an insight into the organisation behind the legislation, which allowed one of its own departments to suffer such a huge failure. What hope do the rest of us have? In case you missed it, the addresses of more than a thousand recipients of the 2020 New Year Honours were published in error on the government's own website. These addresses included those of high-profile celebrities, politicians and senior government officials. The incident was publicly branded a complete disaster. In our opinion the status of those people does add to the newsworthiness of the story, but in fact any breach of personal data should be treated with the same severity.
Questions were asked about why no final checks were carried out on the document prior to it being published, and why other quite simple preventative measures were not in place for such sensitive data. How many other processes lack that level of care and attention?
Whilst there are lots of systems and accreditations you can adopt to demonstrate compliance, the question is how you actually turn those into measures that prevent a breach, whether it is caused by human or system error. Is any system completely foolproof?
Last year we acquired the Cyber Essentials accreditation. The accreditation in itself does not prevent data breaches, but the processes we put in place to acquire and retain it do. These processes are regularly audited and monitored by an external IT security specialist.
To help prevent data breaches in your organisation we have put some ideas together to avoid all types of breach including the one recently experienced on the New Years Honours List:
- Have in place documented processes and procedures for handling, storing, sending, sharing and deleting data.
- Ensure all staff are trained and refreshed regularly on these.
- Implement systems which help control data processing, including reminders and prompts to cleanse data, retain the files that must be kept, delete the files that must not, and remove sensitive information.
- Put in place controls and checks at release points into the public domain: sign-off must be issued for all data released publicly onto a website or similar medium, and the released file should be checked against what was approved.
- Identify phishing emails through training staff to spot scams
- Install anti-malware and anti-virus protection, including protection against ransomware, on every machine.
- Increase password security: enforce strong, unique passwords for every account.
- Make sure confidential information stays confidential, restricting access to those who need it.
- Conduct regular tests and audits.
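As an added illustration of the release-point check and the "remove sensitive information" prompt in the list above (example code written for this article, not code from the original post or from any government system), the following Python script acts as a publication gate for a CSV export. Columns not on an approved allowlist block release, free-text columns are scanned for UK postcodes that may have leaked in, and a redaction step produces the file that is actually safe to publish. The column allowlist, the sample rows and the postcode pattern are all constructed for the example.

```python
import csv
import io
import re

# Columns approved for public release. Anything outside this allowlist blocks
# publication. (Assumed policy for this example, not taken from the article.)
PUBLISHABLE_COLUMNS = {"Name", "Honour", "Citation"}

# Rough UK postcode pattern, used to catch address data that has leaked into
# a free-text column such as a citation. Deliberately broad: a false positive
# costs a manual look, a false negative costs a breach.
UK_POSTCODE = re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b")

# Constructed sample export, as it might come out of an internal system.
# Note the address columns and the postcode buried in one citation.
SAMPLE = """Name,Honour,Citation,Address,Postcode
A. Example,MBE,For services to charity,1 Example Street,SW1A 1AA
B. Example,OBE,For services to the arts in AB12 3CD,2 Example Road,AB12 3CD
"""


def review_for_publication(csv_text, allowed=PUBLISHABLE_COLUMNS):
    """Return a list of findings; an empty list means the file may be released."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for column in reader.fieldnames or []:
        if column not in allowed:
            findings.append(f"column not on publication allowlist: {column}")
    # Header is line 1, so the first data row is line 2.
    for line_no, row in enumerate(reader, start=2):
        for column in reader.fieldnames:
            if column in allowed and UK_POSTCODE.search(row[column] or ""):
                findings.append(f"row {line_no}: possible postcode in column {column}")
    return findings


def redact_for_publication(csv_text, allowed=PUBLISHABLE_COLUMNS):
    """Keep only allowlisted columns, preserving their original order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    keep = [c for c in reader.fieldnames if c in allowed]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow({c: row[c] for c in keep})
    return out.getvalue()


def publish(csv_text):
    """Release gate: refuse to publish anything the review flags."""
    findings = review_for_publication(csv_text)
    if findings:
        raise PermissionError("publication blocked:\n  " + "\n  ".join(findings))
    return csv_text


if __name__ == "__main__":
    print("Findings on raw export:")
    for f in review_for_publication(SAMPLE):
        print("  ", f)
    redacted = redact_for_publication(SAMPLE)
    print("After dropping non-allowlisted columns:")
    for f in review_for_publication(redacted):
        print("  ", f)
```

Dropping the address columns is not enough on its own: the redacted file still fails review because of the postcode inside a citation, which is exactly the kind of leak a column-level rule misses and a content scan catches. The gate only returns the file for release once the review comes back empty, so sign-off cannot be skipped by accident.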
If you would like any further help or guidance on data protection, on achieving Cyber Essentials, or on ISO 27001, the Information Security Management System standard, please do get in touch; we'd be happy to help.