POPIA
DIY

WEEK 4:
Electronic documents – protecting digital personal information

Last week we looked at how you can secure paper documents and files. For the next two weeks, we’re looking at how you should protect electronic personal information (PI). Think computers, cell phones, tablets, cloud storage, etc.

EMAIL – DON’T DO SOMETHING STUPID
Apparently, email failures cause 30% of data breaches. Let’s not become part of that statistic, shall we?

TRY THIS INSTEAD
Whether you are sending PI via email to each other, your customers, or your service providers, you should always be careful.

  • Before hitting the send button, check who the recipients are. Are you sending this email to the correct Johan?
  • Protect important and sensitive information in password-protected documents sent as attachments, rather than putting it in the body of an email, and share the password through a separate channel rather than in the same email.
  • Ask for a ‘delivery receipt’ and a ‘read receipt’ if the information is important.
  • Don’t share one email account among several employees. Rather, set up an alias that forwards to 2-3 individual email addresses. If more than one person can send from an address, you can’t know for sure who sent a message.
  • Do not allow employees to use accounts such as Gmail or Yahoo for work purposes. They should use their official email accounts only.

DEVICES – WE ALL HAVE THEM
With the growing popularity of cell phones and tablets, chances are that your employees will want to use their own mobile devices for work. Although this can benefit your business, you need to be aware of the risk: regardless of where PI is stored or accessed, you remain responsible for keeping it secure!

HOW DO WE MANAGE THIS?
You probably need a clear Bring Your Own Device (BYOD) policy. Read our top tips for drafting a BYOD policy. Introduce the new policy to your employees and make sure that it is part of the ‘starter pack’ for each new employee.

Security tips for devices:

  • Disable the autorun feature to prevent programs from running automatically when removable storage media are connected to a computer or when network folders are accessed.
  • Use a password on each of your devices (desktop, cell phone, tablet, etc.). Make sure it is a strong password. Read more about creating strong passwords.
  • If you or your employees use hard drives or USB drives around the office, you should encrypt them (turn on BitLocker).
  • Require all devices to have anti-virus software installed and keep it up to date. This helps protect against ransomware and other attacks.
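The device tips above, as an added audit script that is not part of this newsletter: run it in an elevated PowerShell session on a Windows PC (where BitLocker applies) and it reports whether autorun is disabled, whether the system drive is BitLocker-protected, and whether Microsoft Defender is active with current signatures. The registry values and cmdlets are standard Windows ones; the 7-day signature age limit is an assumed policy value.

```powershell
# Added example: audit the three device controls listed above on a Windows PC.
# Run as Administrator. It only reports; it changes nothing.

$results = @()

# 1. Autorun: the Explorer policy values that disable autorun.inf processing
#    (NoAutorun = 1) and AutoRun for all drive types (NoDriveTypeAutoRun = 0xFF).
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $explorer -ErrorAction SilentlyContinue
$autorunOff = ($policy.NoAutorun -eq 1) -and ($policy.NoDriveTypeAutoRun -eq 0xFF)
$results += [pscustomobject]@{ Control = 'Autorun disabled'; Compliant = $autorunOff }

# 2. Encryption: the system drive must be fully encrypted with protection on.
$sysDrive = $env:SystemDrive
$bde = Get-BitLockerVolume -MountPoint $sysDrive -ErrorAction SilentlyContinue
$encrypted = ($bde.ProtectionStatus -eq 'On') -and ($bde.VolumeStatus -eq 'FullyEncrypted')
$results += [pscustomobject]@{ Control = "BitLocker on $sysDrive"; Compliant = $encrypted }

# 3. Anti-virus: Defender real-time protection on and signatures no older
#    than the assumed policy maximum of 7 days.
$maxSigAgeDays = 7
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$avOk = ($mp.RealTimeProtectionEnabled -eq $true) -and
        ($mp.AntivirusSignatureAge -le $maxSigAgeDays)
$results += [pscustomobject]@{ Control = 'Anti-virus active and current'; Compliant = $avOk }

$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or login script flag the gap.
if ($results.Compliant -contains $false) { exit 1 }
```

Any row showing Compliant = False is a device that does not yet meet the tips above and belongs on your Risk Master sheet.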

WHAT IF AN EMPLOYEE LEAVES? HOW DO I GET MY DATA BACK?
Put in place an employee exit process in which you revoke their email access on their devices and change the passwords on their accounts. Have them sign a declaration that they have deleted all work-related data from their personal hard drives and devices, and keep it on file. You don’t want ex-employees to have access to your data, as this would be classified as a data breach in terms of the POPIA.

Did you see something to add to your Risk Master sheet this week? Any process that needs to be improved?

COMMUNICATE IT

You can send this infographic or brochure to your employees and share the rules on using personal devices, email, and passwords that apply in your business.

Or create your own set of rules or policies and share those. Remember to review your employment contracts to make sure they cover these rules, or include them in your employee policies.

Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.