Just before the summer of 2018, the EU introduced the General Data Protection Regulation, better known as GDPR.
Whilst this was not the birth of digital security, it was a huge moment for the revolution and introduced some legal precedent that has helped to make businesses more accountable, especially in an age where data equals power.
In this article, we are going to explore some of the best office practices for digital security, or at least some methods that have proved popular, such as going ‘paperless’, paying more attention to document security, and researching staff behaviours to see where you are more vulnerable.
Is a ‘paperless’ office a good thing?
Here at Enviro Waste we support the transition of businesses to a paperless office. However, to be fair to the discussion, we have to highlight the fact that it does present drawbacks. For physical resource efficiency and environmental management systems, reducing paper waste is obviously a good thing, and something we are keen to present to customers.
As well as this, there are cost savings to be made on paper, including the paper itself, the waste management costs, shredding costs, and the printing or photocopying costs that generally go hand in hand with office paper usage.
The speed and efficiency of information transactions between staff or customers are rapidly improved by removing paper from the communication streams and instead communicating over Wi-Fi. This also allows for a more mobile workforce, who no longer need to work in one place just because the data and information they rely on is stored there on paper.
Some paperless issues
Of course, for all of the positives (and there are even more than we’ve mentioned), there will also be some drawbacks. With digitally stored information comes the inherent risk that hackers might try to steal that data for their own purposes, often malicious. Another issue with the digital world is that it is fallible: it relies on electricity or battery power, and it can fall prey to software or hardware issues.
Hopefully, this final issue is something that we can eradicate, but there are still many customers who want physical paper copies, whether it be receipts, catalogues, information, contracts, or more. The amount of paper wastage created by these activities is extraordinary, especially in a time when mobile apps can all do the same thing in a better way. Think of the trees…
Why is document security so important now?
Perhaps the reason document, data, and digital security are so pivotal now is that GDPR applies both to hard-copy paper files and to electronically stored data. Because of all of these new regulations and considerations, businesses have hired extra IT people, extra lawyers, and in general extra help to make sure they stay compliant. Getting it wrong can be very expensive.
Digital Security Considerations
Here are six digital security considerations you must make when it comes to processing or managing documents and information containing personal data:
- Any information used must be processed in a way that is lawful, fair, and with the correct usage.
- The information that is collected can only be used for the reason that consent was initially given.
- The minimum number of copies of documents and information should be stored to fulfil the request or process previously consented to.
- Data should always be accurate, and the data subject should have the opportunity to update or rectify it if it is not.
- Once compliance or consent requirements have passed, the information or document should be destroyed.
- Any processing, storing, or reviewing of personal information must be done in a confidential way, acting with integrity. This must be provable.
Let’s be honest, it can be a bit confusing, and whether you go paperless or not, you still have to keep an eye on all of these things. The best thing you can do is to get a Data Officer (or similar profession) to come and get everything in order. It’s hard to know what information is stored and where at all times. Introducing some strong and secure processes can save you from serious trouble in the long run.
15 professional security questions for small to medium businesses
To finish off this article, we’ve put together 15 questions that support digital security, but are not necessarily related to GDPR. Simply encouraging your teams to answer these 15 questions with a YES/NO answer next to each one will give you a good indication of how secure you are.
- Do you use personal information in your passwords, such as family names, phone numbers, birthdays, or addresses?
- Do you create long and complex passwords that combine numbers, letters, and special characters?
- Do you use different passwords for multiple systems, access points, or websites?
- Do you change your password every three months?
- Do you ever use password management apps to help make your passwords more secure?
- Do you use two-factor authentication when possible?
- Do you know what social engineering is and how to protect against it?
- Do you use anti-virus and anti-malware software?
- Do you use passcodes or biometric authorisation to protect access to your digital devices?
- Do you use multi-factor authentication for access to any systems, apps or websites?
- Do you ever access sensitive data on your mobile device using an unsecured wireless network?
- Do you have tracking turned on for your mobile devices so that you can locate them if lost or stolen?
- Do you use two-factor authentication (such as biometrics) to access sensitive data such as emails or banking apps?
- Are you continuously backing up your data?
- Are you engaged in any cybersecurity education to make you aware of threats and how to protect against them?