It seems that in the past few months, data security and data leaks have been in the headlines every other day. Between Facebook’s problematic leaking of millions of users’ private data, and the new GDPR, designed to protect this kind of sensitive information, data security is a must. As recently as June 6, a major recruitment website that handles millions of job applications around the world has made the news after a suspected data breach, which, if confirmed, would be one of the first such incidents since the GDPR came into force.
In an attempt to avoid the dreaded repercussions that can stem from infringing GDPR, tech giant IBM has introduced a measure for their employees to try to reduce the risk of their data being stolen or lost. As of the end of May, the company has banned its staff from using all removable storage devices, such as USB sticks, SD cards, and flash drives. Instead, IMB workers will now be obliged to move data over the company’s internal network.
With this measure, the company hopes to eliminate the financial and reputational damage which could occur in the case of misuse or exfiltration of this sensitive information. The company has cited the ease with which such devices can be lost or stolen as justification for this move.
Some people have praised the decision, pointing out that USB drives do present a serious risk to data security, as they provide a quick, easy way to extract data. It can also be difficult to trace USB usage, meaning that it can be hard to provide accountability for data stolen this way. Others have been more critical, calling the measure “a quick fix for a huge problem” such as data security, and highlighting that an outright ban such as this could lead to employees to find workarounds and create shadow IT.
How can I keep my company’s data safe?
Most companies don’t need to go as far as a blanket ban on one particular technology in order to keep data safe. Following a few simple pieces of advice will be enough for your business to be able to keep this sensitive information secure, as well as comply with new regulations:
1.- Make everybody aware of the risks
With stories about data being so commonplace these days, you may think that everyone in your company will know exactly what the risks associated with data protection are. However, you can never have too much of a good thing. Making sure everyone knows the dangers of being careless with this kind of information can keep your company from experiencing some serious problems.
2.- Encryp all devices
Encrypting any devices on which you carry personal or sensitive information provides an extra step in the security of this data. What is encryption? Simply put, it is a way of transforming data via an algorithm so that no one unauthorized can access it. Generally speaking, this process usually involves using a password to encrypt and decrypt files and devices, meaning that only authorized people can access them.
3.- Be aware of all devices connected to your network
How can you control what you don’t know is there? By drawing up a full inventory of laptops, desktop computers, handheld devices and so on that are on your network, you’re one step closer to having more control over how the data that you handle is processed.
With an ever increasing emphasis on data security, now is the time to make sure you know where it is, and who has access to it. With Panda Data Control, the personal data security module of Panda Adaptive Defense that helps you to comply with GDPR, you can know if anyone tries to copy or move personal information, be it via email, FTP, or USB devices. Not only that, but it also monitors all PII (personally identifiable information) on your system, so that you can know what you have and where you have it.