The Don’ts and Dos of Data Security
How to protect your business in an increasingly digital world
Your IT people can only do so much when it comes to protecting your data. The rest is up to the members of the team, who must do their part not only in protecting data but, especially, in not adding to the system’s vulnerabilities.
Apart from basic measures like using reliable antivirus software and strong passwords, there are certain don’ts and dos to observe against cyber threats. We recommend institutionalizing these into your company protocol to make cyber protection part of your corporate culture.
1. DON’T use company email addresses beyond business correspondence.
Using your company email address to create online accounts or sign up for freebies and marketing materials makes your system vulnerable to malware attacks and poisoned links. Some companies sell your data, so be careful whom you’re dealing with. Don’t be tricked into giving away confidential data that may put your business at risk.
DO watch out for suspicious emails.
Malicious emails commonly impersonate a person or organization and urge you to take immediate action, such as verifying your account, restarting your membership, or claiming your freebie. Delete such emails immediately, and if your email provider has an option to block the sender, do so. Most importantly, never click on links or open attachments that came from senders you don’t know or trust.
2. DON’T install programs on your work computer or plug in personal devices without approval from IT.
Like emails, malicious programs sometimes disguise themselves as games, movies, series, or even antivirus software to lure users into downloading them, which could eventually infect or infiltrate your network. If you think a particular piece of software will be beneficial to your work, ask your IT people to look into it first. Similarly, connecting personal devices like phones, laptops, and flash drives poses a risk because they may not be protected with software as sophisticated as that on work computers.
DO become a limited user.
Cyber-attacks often start with perpetrators tricking users into giving them access to the system. This could be something as seemingly inconsequential as visiting a website that has hidden malware that can infect the system. However, if you are not the computer’s “administrator,” such tricks won’t work, because only the computer’s administrator can make changes to the system’s software, thereby protecting it from unauthorized access.
3. DON’T leave sensitive information lying around.
Contracts, financial statements, client or supplier lists, and employee social security numbers are examples of confidential information. If you print them out, make sure not to leave them lying around on desks, printers, and fax machines for unauthorized persons to get hold of. If you need to toss them in the bin, shred them first.
DO lock your computer and mobile phone when you step out.
Like the printouts, your computer and mobile device contain sensitive information. Even a quick restroom run or coffee break leaves that information out for perpetrators to easily steal or copy. Whenever possible, password-protect sensitive files as well.
4. DON’T be complacent about cybersecurity.
Technology has transformed the workplace such that anyone can do their job from anywhere nowadays, especially with the Philippines’ Telecommuting Act now signed into law. Convenient as it is, the risk of a security breach is even higher. To help shield your business, you must ensure that your remote workers are using the right technology and tools at all times.
DO educate your employees.
An organization is only as strong as its weakest link. By regularly educating your employees about the risks and threats that come with digitization, you help prevent attacks from happening in the first place. Train them to stay alert for suspicious activity and report it to IT as soon as possible.
Cybersecurity is a highly specialized field that requires technical expertise. To know more about IPC’s cybersecurity portfolio, visit https://www.ipc.ph/cyber-security.