1 – Follow a rigorous password policy
The first method of protection is to restrict access to a workstation or file, via a username and password. This password must be unique, difficult to guess and, of course, it must remain confidential. Plus, it mustn’t be written down anywhere. A password should comprise at least eight characters, including a mix of letters, figures and special characters. A password should be changed every three months, or at the very least, frequently. If the password is assigned by a system administrator, the password must be changed by the user when they use it for the first time.
2 – Deploy a creation and deletion procedure for user accounts
So as to raise awareness amongst everyone involved and, eventually, to be able to trace back actions on a file, workstations and applications must be accessed solely through named accounts. These accounts must not be generic; each one should be tied to a specific individual.
3 – Secure your workstation as much as possible
Set up your workstation to lock automatically after a certain period of inactivity (max. 10 minutes), so as to limit the risks of fraudulent use of your workstation or of an application while you’re away from your computer.
4 – Specifically identify who can access protected data
Make sure that access to files containing personal data is limited to the individuals who have a legitimate need for it to do their work. Update the list of these names whenever someone leaves or is transferred.
5 – Secure your internet access
The connections between the various sites of a single company are secured by means of private links or a VPN (virtual private network). Make sure that the wireless network is also secure, as these connections can be intercepted remotely. Beware of the free WiFi networks that you may use when travelling. Are they legitimate? Furthermore, make sure that your internet connection is secure when making a payment (e.g. an HTTPS website).
6 – Be prepared in the event of data loss or disclosure
As much as you try to avoid them, it’s always better to be prepared for events such as your laptop getting stolen, fires, water damage or hardware malfunctions. Your data must therefore be stored on server spaces intended for this purpose, which are regularly backed up. Pay attention to the emails and text messages that you receive – don’t open any attachments or click on any links if you’re not certain of who the sender is. Click on the name to check the email address of the sender if you have any doubts.
7 – Use back-ups in case of incidents
Despite all the measures that you can put in place, there is no such thing as “zero risk”. You’re never completely protected from a virus, hacking or IT failures. Given this, it’s imperative that you have one or more recent back-ups, which are complete and secure, in order to quickly restore data in the event of an incident.