27001`

6 ways to prevent data interception and theft

July 2nd, 2019 By Marketing

Data security should be amongst the most important protocols for any company. 70% of small organisations believe they are safe from the targeting of data theft or misuse. This is very rarely the case. If your organisation holds data on individuals or companies, then you are a target for data theft, no matter your company size or the industry you are in.

Being a victim of data abuse can severely damage your company’s reputation in the short and long term, and if the data theft is a result of your negligence, then you can even face prosecution.

There are many ways to prevent data interception and theft, if you follow these data security measures you will mitigate the chances of your data being compromised:

1. Train your employees

Untrained staff can lead to innocent mistakes which, in turn, can cause dangerous data breaches. In fact 88% of UK data breaches are caused by human error. Only 12% of data breaches are actually a result of malicious attacks – UK’s Information Commissioner’s Office (ICO). By making training mandatory, you can ensure that all of your staff understand the importance of data security and comply with the processes you put in place. This will greatly reduce the chances of individuals errors.

2. Use strong password protection and two-factor authentication

Have strict rules on the format of passwords and encourage staff to use random words rather than words with a personal resonance. For extra security, put systems in place that ensure these are changed every 2 months, and that they cannot use the same password again. Where possible, always use 2-factor authentication to log in to any system you have that contains sensitive data.

You could also use a password manager browser extension, such as Dashlane, Lastpass or Keeper Security. These all have two-factor authentication and allow you to create random passwords and save them to your password vault.

3. Identify and classify sensitive data

Identify different types of data and in terms of how sensitive it is – categorise this data. By prioritising data in this way, you can grant and restrict access to employees where necessary, thus reducing the possibility of data interception.

For example, financial data might only need to be granted to the finance department or client communication might only be necessary for Sales team.

4. Properly dispose of sensitive data

Physical documents will need to be shredded to ensure the data is illegible. When getting rid of your devices – such as work phones, laptops, tablets or computers etc. all data must be wiped before they are disposed of or recycled.

5. Encrypt data

You could consider encrypting all the data on your laptop or computer, however, if you feel this is too extensive, you may choose to only encrypt files with the most sensitive data. Any data that is being transferred or emailed needs to be encrypted.

6. Be careful with personal devices

Whether it’s your staff bringing in personal devices, or visitors and clients bringing in their devices for a meeting, make sure these are connected to a different network to that used for your company computers. External devices can be infected with malware, and the owner may be unaware that their device is infected. Sensitive data can then be stolen if the device is connected to corporate networks.

These methods of data security management are important steps for your organisation to follow, and none are too complicated for any business to carry out. If you take data theft seriously, implementing ISO 27001 will ensure you have systems and processes in place so that you can ensure your data is highly secure. To learn more about how ISO 27001 can help your business, download our free guide.

ISO 27001 Guide A

Contact Us

For a free Quotation or On-Site presentation by an ISO Specialist, contact us today!

IMSM Ltd Head Office
The Gig House
Oxford Street
Malmesbury
Wiltshire
SN16 9AX

Tel: 01666 826 065
Subscribe to our newsletter to Stay in the know


Click here to view our Privacy Policy
* Mandatory Fields
ISO Consultants