Data protection for companies

Data protection and information security in general are crucial for any type of company, whether it is a giant or an establishment in your neighborhood.

Firstly, because compliance with data protection law is mandatory for any company, regardless of its size. It is true that the implications are usually smaller for smaller companies, but they depend above all on the company's activity: a company dedicated to health issues (e.g. clinics) is more affected by the Data Protection Law than a furniture manufacturing company.

Secondly, because nowadays a company depends on its data (business contacts, contracts, orders, invoices, quotes, etc.). If at any time this information were to slip out of its control (e.g. information hijacking) or its confidentiality were breached (e.g. unauthorized access to patient, employee or customer data), it would be a real hell for any company, but especially for SMEs, which have fewer resources and also less awareness and training.

Data protection and in-company training

As we already know, the myth that only large companies can be the target of a cyber-attack has been overcome. We can ALL be the target of an attack on our information systems (servers, computers, etc.) and suffer the consequences, which can be devastating if we have not taken preventive and mitigation measures beforehand, and if we and the employees who use our information system have not been trained in the matter.

Undoubtedly, promoting a culture of Data Protection and Cybersecurity in our company, based on good practices in all its components, is the right path to walk every day and the one that will also ensure you avoid penalties.

And we will show you the way here with these easy steps:

Implement your Data Protection Policy in the company:

You already know that Business Adapter has prepared a Data Protection Policy for you.

Applying its measures will be easy for you and will ensure information security and data protection.

Every employee should be aware of this from the first day he/she works for the company.

Use original software:

We already know that cheap is expensive, and that when you get something for free it is because the price is you and your data, collected without scruples.

So you should always use original products with the manufacturer’s license of use: it is the guarantee that someone supports the product, and you will be able to turn to the manufacturer if you have problems with its use or service.

Up-to-date software:

Our software acts as the brain of all our operations, or if you prefer, it is the safe that holds all our information, so it is very important that it is up to date, since updates are what keep its security mechanisms, among other things, working properly.

We recommend that you enable automatic updates.

Secure and non-reusable passwords:

Passwords are more secure the longer they are and the more characters they combine (capital letters, symbols, numbers). Find out how many seconds it takes to crack your password: here.

This applies not only to the password you use to log in to your PC, but also to your email passwords and those for all the software and web pages you use.

Don’t use the same one for everything, because if someone cracks it, they will have access to everything you hold dearest.

Changing them every three months is also a good practice.

Remote access to corporate services:

Teleworking is already a reality in most companies, which means that we have to access the server and any cloud service needed for our work from outside the office. Doing so from a secure space, using authorized access and secure networks (VPN), will be a guarantee.

Cloud security:

When using a cloud service, we must review the contract regarding the security measures offered by the provider, as well as the service level agreements, since we cannot forget that when using this type of service, we share security responsibilities with the provider, and it is very important that it offers us an optimal level of security for storing our information.

Encrypt information:

It is one more security measure that can be implemented easily and inexpensively in our company. It protects the information, since it can only be accessed with the keys created for this encryption, which are known by the sender and the receiver. It is recommended to use asymmetric encryption, where two types of keys are used: a public one, which can be shared or revealed, and a private one, which must not be known by anyone except the receiver. Document signing can also be used: the sender, who uses the private key, is certified, and the receiver verifies the document received with the public key.

Antispam in the e-mail:

Email is an open door to our information, since it is very likely that if we suffer a cyberattack it will come through email, mainly because of attached files that may be infected. Different types of security protocols can be used: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance).

Training:

The human factor is the most important, because people are the ones who may or may not put the information at risk if they do not know how to use, protect and safeguard it.

The most important thing is to train your employees to know the data protection rules the company must comply with, to identify emails of dubious origin, to analyze email headers, to check whether a message comes from a known sender, and never to open attachments if they are not sure who sent the email. If a link has to be used, it should not be opened from the email itself but directly on the web, by typing the address.
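The header analysis described above, combined with the SPF, DKIM and DMARC results mentioned under antispam, can be automated. The following Python code is an added example, not part of the original article; the sample message, its domains and the trusted server name mx.example.com are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all domains are reserved example names.
SAMPLE = """\
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=billing@example.net;
 dkim=none;
 dmarc=fail header.from=example.com
Return-Path: <billing@example.net>
From: "Accounts Dept" <accounts@example.com>
Reply-To: accounts@example.org
To: staff@example.com
Subject: Overdue invoice

Please see the attached invoice.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts from the topmost Authentication-Results header."""
    # Believe the header only when its authserv-id is our own mail server
    # (trusted_authserv is an assumed name); a sender can forge this header.
    verdicts = dict.fromkeys(("spf", "dkim", "dmarc"), "missing")
    value = msg.get("Authentication-Results", "")
    if value.split(";", 1)[0].strip().lower() != trusted_authserv:
        return verdicts
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
        verdicts[method.lower()] = result.lower()
    return verdicts

def triage(raw, trusted_authserv="mx.example.com"):
    """Return a list of warnings for one raw message (empty list = nothing flagged)."""
    msg = message_from_string(raw)
    warnings = [f"{m.upper()} result is '{r}'"
                for m, r in auth_verdicts(msg, trusted_authserv).items() if r != "pass"]
    from_dom = domain_of(msg.get("From"))
    # A differing Return-Path or Reply-To domain is a signal, not proof:
    # legitimate bulk senders often use a separate bounce domain.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            warnings.append(f"{header} domain {other} differs from From domain {from_dom}")
    return warnings
```

Calling `triage(SAMPLE)` returns five warnings for the constructed message: the three failed or missing authentication results and the two mismatched domains.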

The constant training of the IT team (ICT) is vital, since technology is advancing very quickly and we must be prepared to deal with any incident. For this it is necessary to keep up with the latest developments in types of attack, how to resolve them and how to avoid major damage to our company.

Sign up for cybersecurity newsletters (e.g., INCIBE newsletter) and for data protection recommendations (e.g., GDPR newsletter).

Separation of environments:

Using firewalls or demilitarized zones (DMZ).

Performing backups:

If all of the above fails, the only thing that will save us from catastrophe is our backups.

If copies are made daily, less information will be lost.

If you use the 3-2-1 rule you will be infallible: it consists of making three complete copies, two of them stored locally, but on different devices, and at least one copy stored off-site and disconnected from the main information system.
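The rule as worded above, plus the daily schedule, can be checked automatically against a backup inventory. The following Python code is an added example, not part of the original article; the inventory format, field names and device names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory; field names are assumptions of this example.
COPIES = [
    {"device": "nas-01", "site": "office", "online": True,
     "complete": True, "last_ok": "2024-05-14T02:00"},
    {"device": "usb-disk-a", "site": "office", "online": False,
     "complete": True, "last_ok": "2024-05-14T03:00"},
    {"device": "cloud-bucket", "site": "provider", "online": True,
     "complete": True, "last_ok": "2024-05-10T02:00"},
]

def audit_321(copies, now, primary_site="office", max_age=timedelta(days=1)):
    """Return findings against the 3-2-1 rule as worded above, plus daily freshness."""
    findings = []
    usable = []
    for c in copies:
        age = now - datetime.fromisoformat(c["last_ok"])
        if not c["complete"]:
            findings.append(f"{c['device']}: copy is not a complete backup")
        elif age > max_age:
            findings.append(f"{c['device']}: last good backup is {age.days} day(s) old")
        else:
            usable.append(c)
    if len(usable) < 3:
        findings.append(f"{len(usable)} usable complete copies, need 3")
    local_devices = {c["device"] for c in usable if c["site"] == primary_site}
    if len(local_devices) < 2:
        findings.append("fewer than 2 local copies on different devices")
    # Off-site alone is not enough: a copy reachable from the main system
    # can be encrypted or deleted together with it.
    if not any(c["site"] != primary_site and not c["online"] for c in usable):
        findings.append("no usable copy that is both off-site and disconnected")
    return findings
```

With the constructed inventory and a check time of 14 May 2024 at noon, the audit flags the stale cloud copy, the resulting shortfall to two usable copies, and the absence of a disconnected off-site copy.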

Business Adapter® at your service

If you are a customer and need help, contact your consultant.

If you are not yet a client and you want us to help you to make your company compliant with Data Protection, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:

Contact us, we will be pleased to help you: https://businessadapter.es/contacto
