Is My Data Safe – 5 Questions Your Charity Needs to Ask
- Data security is important – being mindful of risks and mitigations can save you stress, time and money
- If you have responsibility for safeguarding other people’s data, security should be your number one priority – even if that makes your job harder to do. Being data secure is not complex, but for those with stressful jobs and limited time, it can feel like an onerous responsibility. We all have moments when the easiest way to complete a task is less data secure, so keep in mind these simple rules around data security.
- If it feels wrong, if you have any doubts, don’t do it
- Shortcuts are usually responsible for poor security, and they will come back to bite you!
- Don’t let other people pressure you into being less secure – take responsibility
- Don’t let the prevailing culture of an organisation lull you into thinking insecure practices (see below for examples) are acceptable
- Do be confident and vocal about the precautions you take and encourage others to do the same.
You can ask yourself the following questions:
How strong is my password?
Automated attempts to breach security often focus on cracking users’ passwords.
- Passphrases are better than passwords – easy to remember and more secure
- Never share your password
- Never leave a password on a laptop or PC
- Check password strength here: https://howsecureismypassword.net/
You could be surprised at the results!
- Don’t re-use the same password for multiple resources
- Never, ever use obvious passwords, such as variations of the word “Password” like “P@ssword”, “P@ssw0rd” etc.
- Try as much as possible not to save passwords in your browser
Is my data backed up?
- Ask yourself what would happen if your device were lost, stolen, compromised or suddenly broken beyond repair
- Important data should be backed up regularly to an external device or drive
- Make sure you are aware how long it would take to recover your data in case of a disaster, so you can plan accordingly
- Cloud storage can provide an ideal backup solution and can be a better way to store your data in the first place, meaning there is minimal risk of loss due to compromised local devices.
Is my software up to date?
- Out of date software and frameworks are vulnerable to attack
- Always ensure your machines are set to take the latest updates immediately
- Never use software that is out of support (such as Windows XP) to store or process data
- Ensure you have up to date anti-virus and anti-malware programs on all of your devices, scheduled to scan regularly
There are many brilliant free solutions – see here: http://www.techradar.com/news/software/applications/best-free-anti-spyware-and-anti-malware-software-1321656
Do I know my data?
Your data will not all be sensitive, and will not all be subject to the restrictions imposed by the Data Protection Act. If you are not sure what constitutes personal or sensitive data you should check here: https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/
- Always be aware when data you are using or storing falls under these definitions
- If you’re not sure, check!
- Minimise sharing or using personal data as much as possible
- Avoid retaining personal or sensitive data that is of no use to you, but could be to someone with nefarious intent
- Obfuscate personal data when using it for anything other than its intended purpose, i.e. testing or troubleshooting
Where is my data?
We are often required to share our own data and data we are responsible for with others as part of our work. Such data sharing presents a risk to data security and should only be done if absolutely justified, and you should always ensure you have the authority to do so.
When you share data:
- Sensitive or identifying data should be obfuscated unless it is absolutely required
- Files should be encrypted and password protected for transfer, here’s a guide to getting started: http://uk.pcmag.com/encryption-products/83976/guide/the-best-encryption-software-of-2017
- Never send passwords or keys for encrypted files in the same or subsequent emails
- Share as little as possible, always be aware where your data is going, and be certain of the identity of the party receiving shared data.
- Printed copies of identifying data should be destroyed securely after use
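One way to obfuscate records before using them for testing or sharing them, as the advice under “Do I know my data?” and “When you share data” both call for. This is an added example, not part of the original article; the column names, sample rows and field policy are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets

# Constructed sample export; names, emails and postcodes are invented.
SAMPLE_CSV = """donor_id,name,email,postcode,amount
101,Ada Example,ada@example.org,AB1 2CD,25.00
102,Bob Sample,bob@example.org,EF3 4GH,10.00
101,Ada Example,ada@example.org,AB1 2CD,40.00
"""

# Hypothetical field policy for this sample: what to drop outright, and what
# to replace with a keyed token so records for one person still link up.
DROP_FIELDS = {"name", "postcode"}
TOKEN_FIELDS = {"donor_id", "email"}


def token(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 token: stable for one key, not guessable without it.

    A plain unkeyed hash of an email address can be reversed by hashing a
    list of likely addresses, so a secret key is used here.
    """
    digest = hmac.new(key, value.strip().lower().encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def obfuscate_csv(text: str, key: bytes) -> str:
    """Return a copy of the CSV with identifying fields dropped or tokenised."""
    reader = csv.DictReader(io.StringIO(text))
    kept = [f for f in reader.fieldnames if f not in DROP_FIELDS]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=kept, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        clean = {f: row[f] for f in kept}
        for f in TOKEN_FIELDS & set(kept):
            clean[f] = token(row[f], key)
        writer.writerow(clean)
    return out.getvalue()


if __name__ == "__main__":
    # Generate the key once per extract and never send it with the file.
    key = secrets.token_bytes(32)
    print(obfuscate_csv(SAMPLE_CSV, key))
```

The amounts survive untouched and both of Ada's donations carry the same token, so the file is still useful for testing without revealing who the donors are.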
Is my data encrypted?
Modern tools and software freely available make it easy to encrypt your data to prevent it falling into the wrong hands. If your laptop or PC is likely to have sensitive data on it, you should consider taking advantage of these. Such solutions will prevent a disaster the next time you leave your laptop on a bus, or have your premises burgled.
- Windows users should consider using Microsoft’s built-in solution, BitLocker, which offers the user the choice of full machine encryption, or encryption for a specific drive which can be used to store sensitive data
- Apple’s OS X operating system has a similar facility called FileVault.
- Other programs are available for more selective encryption that are useful for transferring files and sharing sensitive data. See here: http://www.techradar.com/news/top-5-best-encryption-tools