

26th October, 2022

4 areas any robust data security policy should cover

No matter the size of your business, maintaining a robust data security policy is an important tool to help protect against theft or loss.

Businesses need to capture more data than ever, but as recent headlines show, it’s not always easy to securely store and maintain it.

Data loss or compromise can cost companies dearly: in fact, IBM research indicates the global average total cost of a data breach is around $4.35 million in 2022.

And with high-profile breaches occurring regularly, posing a threat to both individuals and organisations, the onus is on everyone to make sure the principles of data protection are understood and communicated clearly.

For businesses, the stakes are high, so the best thing to do is act now to incorporate security processes into a business-as-usual approach to data protection – and that includes the creation, review or updating of your data security policy.


If you’re in the process of reviewing or writing a new data security policy, here are four key areas that should be covered if you’re to maintain vigilance against data theft, loss or leaks.

1. Advise on the proper use of devices

Provide direction on where and how your staff should keep their devices and tell them that if a company device is lost or stolen, you need to know immediately.
Keeping devices up-to-date with the latest software is also a core aspect of data protection your employees need to know about.

The Australian Cyber Security Centre recommends turning on automatic updates for operating systems, regularly checking for software updates when automatic updates aren’t available, and installing software updates as soon as they arrive.

2. Create best practices for password security

Enable multi-factor authentication to make sure only legitimate people have access to your business data.

If you don’t have multi-factor authentication enabled, you may want to encourage employees to use passphrases (a longer, sentence-like string of words) instead of a short word.

Passwords can be very easy to guess, whereas a passphrase can be anything, making it highly secure while still being easy enough for the individual to remember.

Using a secure password manager may also be a good solution for your employees to stay on top of all their accounts.

3. Educate employees about phishing and other scams

Using an anti-spam filter limits the number of phishing emails that your employees may receive on their work accounts, but they still need to be alert to scams and business email compromise attacks.

Train your team to question the unusual, such as payment or personal information requests over email.

In these instances, employees should seek verification face-to-face or via another channel, because a cybercriminal may have infiltrated someone’s email and be impersonating them.

4. Don’t forget employee offboarding processes and policies

When staff leave your employment, they should return all their company devices and equipment.

It’s equally important to remove leavers as users from company systems, so they’re not able to continue to access your business data and intellectual property for personal gain or the benefit of their new employer.

Act now to protect sensitive business data

Daily practices and constant rigor are crucial for reducing data security risks in all businesses.

It’s important not to leave matters to chance, but to put a proactive plan in place that incorporates data security, storage, back-up and recovery.

The final but perhaps most important element is your team. Whatever their role in your business, train your staff to do what they can to prevent data loss or leaks.