Data protection tips and traps

With Data Protection Day fresh in our minds, we have summarised some tips and traps around data security…

Paul Smith

Head of Quality & Compliance

Treat all assets the same

You lock your car, you lock your front door (and look to check the windows are closed) when you go out and if you’re the last to leave work, you set the alarm. These things are a given. But we don’t always take the same approach around the security of intangible things such as data and personal information. 

Data breaches and information theft are rife. Protecting what we can’t always see should be given the same attention as protecting valuable personal items and workplace assets. Data is as valuable as ‘stuff’. 

Data Protection Day

28 January is Data Protection Day (Data Privacy Day in the US) – established in 2007 and now recognised in more than 50 countries. It’s an annual reminder about awareness and education, and the value of data for individuals, businesses, and people who work in government and the not-for-profit sector. 

Data breach damage

A security breach resulting in lost or compromised data can be disastrous. Things will need fixing quickly, but there will likely be both short and long-term issues to consider: 

  • Downtime, cease/pause trading for some (undefined) period 
  • Employee time managing and fixing the issue  
  • Cost and availability of external support to function fully again  
  • Staff morale (and possible impact on recruiting) 
  • Public perception, share price 
  • Consumer, trading partner and supplier confidence – loss of trade, termination of supply agreements etc 
  • Data ends up in the wrong hands  
  • Potentially paying a ransom to get data back 
  • Fines, possible compensation to be paid 

Individuals and organisations fall victim on a regular basis. September 2022 data makes for worrying reading, as does GOV.UK’s Cyber Security Breaches Survey 2021. 

The risks? Where are you exposed?

Name of your first pet, town where you were born, street where you grew up, star sign, favourite place…?  We’ve all seen these things doing the rounds on social media. And we’ve all seen the “I’ve been hacked!” posts from friends. You wouldn’t leave your front door open when you went on holiday and you wouldn’t set a four-digit security code at 1234 or 0000, so why give away personal information that may help a hacker? 

Phishing is common. The scattergun approach to gathering potentially useful information pays off for some scammers. Incoming emails with attachments and links are a risk (I had one as I was writing this – asking me to open an attachment relating to something I’d supposedly ordered). Don’t know the sender? Bin it. If it’s legit they’ll find another way of reaching you.

Often when you’re out you’ll see a message on your phone about free public Wi-Fi in the area. If you’re working, sharing personal information or just about to use a credit card, don’t use it. Free public Wi-Fi is notoriously susceptible to hacking.

Dodgy attachments or links in phone messages are becoming more common. Don’t open them unless you know who they’re from. A common ruse is to tell you that a package needs delivering, asking you to click on a link. Another common scam comes from an unknown mobile number – the message claiming to be from a relative or friend using a new phone.

The physical loss of a phone, iPad or laptop can also lead to the loss of data or personal information.

Protective layers and barriers

When protecting a home, adding layers of security (a dog, fence, porch, high hedges at the back, window locks, alarm etc) helps. Layers of protection can be put in place around data too. They will not guarantee 100% security against cyber-attack, but they will considerably reduce the chance of a successful breach.

So, what are some of the things you can do? 

  • Choose a strong password. Three random words is good, as is a combination including a capital letter, lower case letter, number and special character. 
  • When your data security or IT people advise a certain course of action, follow it. They know their stuff and they’re giving you advice for good reason. 
  • Know the difference between http and https websites. http sites are a risk. 
  • Consider your online security the way you would physical security. Eliminate or reduce potential access points to personal information and data.  
  • Consider your digital trail. Every time you ‘accept cookies’ or allow an organisation to know your location you’re giving information away. Even just having your phone with you means you’re leaving a trail.  
  • Introduce MFA (multi-factor authentication), which requires at least two forms of verification to log in, and UBA (user behaviour analytics), which is self-explanatory but, for example, will raise a flag if Mr J (who normally logs on between 8am and 9am in south-east or central London) suddenly logs on at 11pm in Lancashire. Is it really Mr J or has his account been compromised?
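
The Mr J check from the last bullet, as an added example (not code from the original article or from any Grosvenor Technology product): it learns each user's usual login hours and regions from past logins and lists the reasons a new login deviates. The user name, sample logins, tolerance and minimum-history values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, region). Not real data.
HISTORY = [
    ("mr_j", "2023-01-09T08:12:00", "Central London"),
    ("mr_j", "2023-01-10T08:47:00", "South-East London"),
    ("mr_j", "2023-01-11T08:31:00", "Central London"),
    ("mr_j", "2023-01-12T08:05:00", "South-East London"),
    ("mr_j", "2023-01-13T08:55:00", "Central London"),
]

HOUR_TOLERANCE = 1  # assumed: allow one hour either side of a usual login hour
MIN_EVENTS = 5      # assumed: do not judge users with too little history


def build_baselines(history):
    """Learn each user's usual login hours and regions from past logins."""
    baselines = defaultdict(lambda: {"hours": [], "regions": set()})
    for user, ts, region in history:
        b = baselines[user]
        b["hours"].append(datetime.fromisoformat(ts).hour)
        b["regions"].add(region)
    return baselines


def assess_login(baselines, user, ts, region):
    """Return the reasons a login deviates from the user's baseline."""
    b = baselines.get(user)  # .get() does not create an empty baseline
    if b is None or len(b["hours"]) < MIN_EVENTS:
        return ["insufficient history"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Circular distance, so 23:00 and 00:00 count as one hour apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in b["hours"])
    if nearest > HOUR_TOLERANCE:
        reasons.append(f"unusual hour {hour:02d}:00")
    if region not in b["regions"]:
        reasons.append(f"new region {region}")
    return reasons


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    print(assess_login(baselines, "mr_j", "2023-01-16T23:00:00", "Lancashire"))
    print(assess_login(baselines, "mr_j", "2023-01-16T08:40:00", "Central London"))
```

A non-empty result is a flag for someone to follow up, as in the Mr J question above; it does not by itself show that the account is compromised.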

Vigilance is key

“100% secure” is a laudable goal, but possibly unrealistic over many years. “Far more secure and prepared”, however, is a realistic, achievable goal in both the short and long term. Ongoing vigilance, adaptability and awareness are the keys to reducing the risk of a successful cyber-attack.

Leaving your business potentially exposed is too great a risk to take. Support is available from a variety of sources – government, professional bodies and specialists. Grosvenor Technology has been protecting businesses’ data since 1989 and in 2021 was awarded ISO 27001 certification.

The Significance Of Data Security

Security of PII data has become a critical element for global organisations. The introduction of biometric security legislation and laws (GDPR, CPRA) in many countries has demonstrated that the capture, processing and storage of data must be a core part of any organisation’s strategic security plans. Class action lawsuits taken against companies that have failed to maintain compliance clearly demonstrate just how employees are becoming increasingly aware of the rights and obligations of their employers.

The security of our devices and the GT Connect platform is an essential aspect for any organisation addressing compliance with current (and future) legislation. The tight integration of our devices into the GT Connect platform ensures that very high levels of data security and encryption are applied at every stage of the workforce data management process.

Find out more about our human capital management solutions here and how we can work with you to ensure that you stay compliant at all stages of data capture.