Aware of the escalating significance of data protection in the digital age, customers are becoming increasingly vigilant about safeguarding their personal information. However, amidst this heightened awareness, companies have an opportunity to earn and maintain trust by providing clear and transparent explanations of how they intend to use customer data. Gone are the days when customers passively accept vague assurances buried within lengthy user agreements. Today, they demand transparency and accountability regarding data usage, driven partly by a general sense of skepticism towards companies that may not always prioritize customer benefits when leveraging data.

Indeed, not all data is perceived equally by customers. While there’s a growing comfort level with companies collecting first-party data directly from their platforms, such as website clicks or interactions, there’s often greater apprehension about third-party data sourced from external data brokers. This disparity in perception underscores the importance of companies being mindful of the origin and nature of the data they collect, respecting customer preferences, and ensuring transparent data practices.

Amidst the evolving landscape of data protection, the imperative for securing sensitive personal information has never been more critical. What was once solely a concern for businesses has now become a shared responsibility for consumers and individuals alike. With an abundance of information available on data protection measures, ranging from safeguarding passwords and financial details to protecting devices from hackers and malware, individuals are inundated with advice. Yet, navigating this sea of information can be daunting, especially for those less technologically savvy.

In response to this challenge, we’ve compiled a comprehensive list of 32 simple and practical tips for enhancing data security and protecting personal information. These tips encompass a wide array of measures, including encrypting data, backing up data regularly, ensuring the permanent deletion of old computer hard drives, securing wireless networks, using firewalls, and encrypting data on removable storage devices like USB drives and SIM cards.

Furthermore, our list provides guidance on protecting data while working remotely, covering topics such as using virtual private networks (VPNs), maintaining physical control over devices, employing personal hotspots, separating personal and work devices, and implementing cybersecurity policies. Additionally, it delves into security best practices for video conferencing, identifying and avoiding phishing emails, installing antivirus and malware protection, and securely disposing of old IT equipment and records.

By adopting these practical measures, individuals and businesses can fortify their defenses against cyber threats and data breaches, thereby safeguarding personal information and preserving trust with customers. In an era where data privacy is paramount, proactive steps towards data protection not only mitigate risks but also demonstrate a commitment to ethical and responsible data practices. As technology continues to evolve, cultivating a culture of data security and privacy awareness remains essential for fostering trust and confidence in the digital ecosystem.

Keeping your passwords, financial, and other personal information safe and protected from outside intruders has long been a priority of businesses, but it’s increasingly critical for consumers and individuals to heed data protection advice and use sound practices to keep your sensitive personal information safe and secure. There’s an abundance of information out there for consumers, families, and individuals on protecting passwords, adequately protecting desktop computers, laptops, and mobile devices from hackers, malware, and other threats, and best practices for using the Internet safely. But there’s so much information, from using a virtual private network (VPN) to using unique and strong passwords or an antivirus software, it’s easy to get confused, particularly if you’re not tech-savvy. We’ve compiled a list of 101 simple, straightforward best practices and tips for keeping your family’s personal information private and protecting your devices from threats.

---

 

Securing Your Devices and Networks

 1. Encrypt your data

Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information. “Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files, newer versions of Apple’s OS X operating system come with FileVault, a program that encrypts the hard drive of a computer. Those running Microsoft Windows have a similar program. This software will scramble your data, but won’t protect you from government authorities demanding your encryption key under the Regulation of Investigatory Powers Act (2000), which is why some aficionados recommend TrueCrypt, a program with some very interesting facilities,” explains John Naughton in an article for The Guardian. Twitter: @guardian

2. Backup your data

One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. As the U.S. Chamber of Commerce and insurance company Nationwide points out, “According to Nationwide, 68% of small businesses don’t have a disaster recovery plan. The problem with this is the longer it takes you to restore your data, the more money you’ll lose. Gartner found that this downtime can cost companies as much as $300,000 an hour.” Twitter: @growwithco

3. Make your old computers’ hard drives unreadable

Much information can be gleaned through old computing devices, but you can protect your personal data by making hard drives unreadable before disposing of them. “Make old computers’ hard-drives unreadable. After you back up your data and transfer the files elsewhere, you should sanitize by disk shredding, magnetically cleaning the disk, or using software to wipe the disk clean. Destroy old computer disks and backup tapes,” according to the Florida Office of the Attorney General. Twitter: @AGPamBondi

4. Secure your wireless network at your home or business

A valuable tip for both small business owners and individuals or families, it’s always recommended to secure your wireless network with a password. This prevents unauthorized individuals within proximity to hijack your wireless network. Even if they’re merely attempting to get free Wi-Fi access, you don’t want to inadvertently share private information with other people who are using your network without permission. “If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router,” says FCC.gov in an article offering data protection tips for small businesses. Twitter: @FCC

5. Use a firewall

“Firewalls assist in blocking dangerous programs, viruses or spyware before they infiltrate your system. Various software companies offer firewall protection, but hardware-based firewalls, like those frequently built into network routers, provide a better level of security,” says Geek Squad. Twitter: @GeekSquad

6. Encrypt data on your USB drives and SIM cards

Encrypting your data on your removable storage devices can make it more difficult (albeit not impossible) for criminals to interpret your personal data should your device become lost or stolen. USB drives and SIM cards are excellent examples of removable storage devices that can simply be plugged into another device, enabling the user to access all the data stored on it. Unless, of course, it’s encrypted. “Your USB drive could easily be stolen and put into another computer, where they can steal all of your files and even install malware or viruses onto your flash drive that will infect any computer it is plugged in to. Encrypt your SIM card in case your phone is ever stolen, or take it out if you are selling your old cell phone,” according to Mike Juba in an article on Business2Community. Twitter: @EZSolutionCorp

7. Disable file and media sharing if you don’t need it

If you have a home wireless network with multiple devices connected, you might find it convenient to share files between machines. However, there’s no reason to make files publicly available if it’s not necessary. “Make sure that you share some of your folders only on the home network. If you don’t really need your files to be visible to other machines, disable file and media sharing completely,” says Kaspersky. Twitter: @kaspersky

8. Create encrypted volumes for portable, private data files

HowToGeek offers a series of articles with tips, tricks, and tools for encrypting files or sets of files using various programs and tools. This article covers a method for creating an encrypted volume to easily transport private, sensitive data for access on multiple computers. Twitter: @howtogeeksite

9. Overwrite deleted files

Deleting your information on a computing device rarely means it’s truly deleted permanently. Often, this data still exists on disk and can be recovered by someone who knows what they’re doing (such as, say, a savvy criminal determined to find your personal information). The only way to really ensure that your old data is gone forever is to overwrite it. Luckily, there are tools to streamline this process. PCWorld covers a tool and process for overwriting old data on Windows operating systems. Twitter: @pcworld

10. Don’t forget to delete old files from cloud backups

If you’re diligent about backing up your data and use a secure cloud storage service to do so, you’re headed in the right direction. That said, cloud backups, and any data backups really, create an added step when it comes to deleting old information. Don’t forget to delete files from your backup services in addition to those you remove (or overwrite) on your local devices. “If you back up your files to the cloud, remember that even though you delete them on your computer or mobile device, they’re still stored in your cloud account. To completely delete the file, you’ll also need to remove it from your backup cloud account,”

Protecting Data While Working Remotely and Working from Home

11. Consider using a VPN

A VPN can help keep your data and personal information secure, especially for those working on less secure networks. According to Firsthand.co, “A VPN will encrypt any data that you send over the web. That being said, your VPN provider remains with your browsing history. You can never be too sure what someone does with that information. That’s why it’s wise to ensure that you’re using a trusted VPN such as NordVPN or Bitdefender, both available on Windows, macOS, Linux, Android, and iOS, and has extensions for Chrome and Firefox. NordVPN guarantees faster connection speeds and security over six devices simultaneously.” Twitter: @FirsthandHQ

12. Maintain physical control over your devices

Theft of devices such as laptops and smartphones is prevalent in some public locations. “Take your laptop with you everywhere, and if you’re feeling tired and think you’ll fall asleep in the lounge between flights, put your laptop into secure storage,” explains WorkflowMax. Twitter: @WorkflowMax

13. Use a personal hotspot

A personal hotspot can be set up with most major wireless carriers and provides a more private alternative compared to public Wi-Fi. Critical Insight explains, “Although your web traffic will be unencrypted between the hotspot and its destination, using a hot spot does eliminate the problem of getting hacked by people on the same public Wi-Fi. With most major carriers, you can pay a nominal fee for the capability to set up a private Wi-Fi network with your cell phone. Of course, it will count against your data, but the cost is minimal relative to the potential downside of a significant hack to your company’s systems or computer.” Twitter: @detectrespond

14. Maintain clear separation between personal and work devices

Employees that have dedicated devices for work should use those devices only for work purposes. “The temptation to use personal devices for work purposes (and vice versa) can be much higher for employees that work from home, and that’s why education is key. Many companies routinely install updates, complete antivirus scans, or block websites on verified work devices, but these safeguards won’t make it to personal laptops and phones. Stay proactive about following all the cybersecurity guidelines your company has in place, including keeping your work devices separate from your personal life. In the event that you do need to use a personal device for work, contact your company security team to ensure you have as many safeguards set up as possible,” FormAssembly recommends. Twitter: @FormAssembly

15. Implement a cyber security policy

It’s crucial for companies to not only implement a cybersecurity policy for remote workers but also ensure that employees are aware of their role in keeping company data secure. “The policy document should cover the reasoning behind having a policy in the first place, as well as details outlining all of the various security protocols employees are expected to comply with, how the company will support them in complying (i.e., which tools and resources they will provide), and a place for the employee to sign their commitment to following the policy,” explains Laura Spawn, CEO and co-founder of Virtual Vocations, in an article published by CMS Wire. Twitter: @cmswire

16. Use encryption

Scale Technology suggests encrypting emails, as they are often a target of cyberattacks. “Through encryption, content is disguised, so any sensitive information that comes up in a conversation will be seen only by the designated recipient. Password management can also be encrypted. By using a system to encrypt password management, sharing passwords can be made simple among team members. Individual passwords get shared without anyone seeing the actual password. This is especially helpful if a team member leaves the business for any reason.”

17. Implement access control

Remote employees should have access only to the systems and data that they need to perform their job duties. Nira explains, “Implementing limited remote access to confidential and sensitive data on a need-to-know basis can help reduce security risks and prevent a severe security breach from occurring when working remotely.”

18. Use a mobile device management platform

Lane Technology Solutions suggests employees should keep their devices secure with firewalls, antivirus software and anti-malware. “Companies might also want to have the ability to remotely wipe devices in case they are lost or stolen. Having mobile device management platforms in place allows remote workers to continue to use their own devices while ensuring the safety of company data.”

19. Follow security best practices when using video conferencing applications

Videoconferencing is now a staple of the modern workplace, but if security practices aren’t followed, sensitive data may be at risk. JD Supra explains, “With the number of meetings being conducted virtually, it is important to secure video conferencing applications, including by checking meeting links, requiring a password to enter each meeting, using virtual waiting rooms, locking rooms once a meeting has started, ensuring that screen sharing/recording and file sharing are controlled solely by the meeting organizer, and consistently reviewing attendee information during a meeting to ensure that only those invited are participating.” Twitter: @JDSupra

20. Ensure that remote workers are educated about phishing

Remote workers are often a target of phishing attempts. According to an article published by Business News Daily, “Many scammers send phishing emails with the intent to steal sensitive information from the recipient or the company. Especially in complicated times – like the novel coronavirus pandemic – phishers are hoping to take advantage of trusting victims. They’ll often pretend they’re someone within the company, like the CEO or a manager, to establish false trust. Remote workers are easy targets because they’re not in the office and, therefore, hackers are hoping they won’t check to see if the email is legitimate.” Twitter: @BNDarticles

21. Consider using hardware security keys

SSO solutions are increasingly popular to centralize the access control of various systems, but they can pose additional risks. Time Doctor explains, “But that’s not a reason to avoid using an SSO solution. It’s a reason to eliminate passwords as a weak point to be exploited by attackers. And it’s quite a weak point. According to a report, a full 81% of successful data breaches that year involved a compromised password. The good news is that there’s a solution to the problem: hardware security keys. These are physical devices that contain complex, encrypted passwords to access digital systems. By giving them to employees and making them the default method of authentication with an SSO solution, two-factor authentication, the odds of a data breach go down dramatically.” Twitter: @TimeDoctorApp

Most small businesses hold personal information and conduct business on electronic devices. It’s vital to the reputation and day-to-day running of your business that you keep the information safe and away from prying eyes. Don’t be complacent – poor security can leave you and others vulnerable, and cyber-attacks affect businesses of all sizes.

Here are some practical steps you and your staff can take to improve your data security.

1. Back up your data

You should back up your data regularly. If you’re using an external storage device, keep it somewhere other than your main workplace – encrypt it, and lock it away if possible. That way, if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data.

Check your back-up. You don’t want to find out it’s not worked when you need it most. Make sure your back-up isn’t connected to your live data source, so that any malicious activity doesn’t reach it.

2. Use strong passwords and multi-factor authentication

Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any other devices or accounts where personal information is stored. They must be difficult to guess. The National Cyber Security Centre (NCSC) recommends using three random words

.

Where possible, you should consider using multi-factor authentication. Multi-factor authentication is a security measure to make sure the right person is accessing the data. It requires at least two separate forms of identification before access is granted. For example, you use a password and a one-time code which is sent by text message.

3. Be aware of your surroundings

For example, if you’re on a train or in a shared workspace, other people may be able to see your screen. A privacy screen might help you. In the same way you would secure your screen, be mindful of what you say on a telephone.

4. Be wary of suspicious emails

You and your staff need to know how to spot suspicious emails. Look out for signs such as bad grammar, demands for you to act urgently and requests for payment. New technologies mean that email attacks are becoming more sophisticated. A phishing email could appear to come from a source you recognise. If you’re not sure, speak to the sender. NCSC provide useful training materials

 to help you and your staff recognise suspicious emails.

5. Install anti-virus and malware protection

And keep it up-to-date. 

You must make sure the devices you and your employees use at home, or when you’re working away, are secure. Anti-virus software can help protect your device against malware sent through a phishing attack.

6. Protect your device when it’s unattended

Lock your screen when you’re temporarily away from your desk to prevent someone else accessing your computer. If you do need to leave your device for longer, put it in a secure place, out of sight.

7. Make sure your Wi-Fi connection is secure

Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should make sure you always use a secure connection when connecting to the internet. If you’re using a public network, consider using a secure Virtual Private Network (VPN).

8. Limit access to those who need it

Different workers may need to use different types of information. Put access controls in place to make sure people can only see the information they need. For example, payroll or HR may need to see workers’ personal information, but your sales staff won’t.

If someone leaves your company, or if they’re absent for a long period of time, suspend their access to your systems.

9. Take care when sharing your screen

Sharing your screen in a virtual meeting may show your device to others exactly as you see it, including any open tabs or documents. Before sharing your screen, you should close anything you don’t need and make sure your notifications and pop-up alerts are switched off.

10. Don’t keep data for longer than you need it

Getting rid of data you no longer need will free up storage space. This also means you have less personal information at risk if you suffer a cyber-attack or personal data breach.

11. Dispose of old IT equipment and records securely

You must make sure no personal data is left on computers, laptops, smartphones or any other devices, before you dispose of them. You could consider using deletion software, or hire a specialist to wipe the data.