POPIA
DIY
WEEK 5:
Electronic documents – protecting your records
This week is the second in our digital security series.
Although data loss is a breach of POPIA, it’s the consequences of such a loss that are the biggest threat to your business.
If you lose, or can’t access your data, your business could grind to a halt. Think about it. How effectively would your business be able to function if all your devices disappeared tomorrow or if you couldn’t access your files? What would happen if the issue took a long time to resolve? How would it affect your reputation?
- Phishing: emails or messages that trick users into opening malicious attachments, following links, or typing their passwords into a fake login page. A single click can start a ransomware attack or hand criminals sensitive information such as passwords, account numbers and personal information.
- Hacking: the exploitation of known vulnerabilities in internet-connected servers and devices, using widely available tools and techniques. Unpatched systems are the usual way in.
- A lack of contingency planning: Have you considered what will happen if your office building burns down? Do you have off-site backups? Do you have a plan in case the lights go out? Many catastrophic data breaches and losses are not the result of criminal activity but of a lack of planning. Remember what happened to Delta Airlines? Planning for this is called ‘business continuity management’ (BCM), and a BCM programme is how you prepare for it.
SECURITY MEASURES YOU SHOULD IMPLEMENT TODAY TO PROTECT AGAINST THESE THREATS:
(If you get lost in here, don’t panic. Forward this list to your IT service provider and ask for help)
Let’s start off with a few basic steps:
- Don’t write your passwords on a piece of paper or in your diary. If you must write them down, keep them somewhere safe and locked away, preferably not at your office. A password manager is a better place for them.
- Don’t share your password with anyone!
- Check whether your email addresses have appeared in known breaches at https://haveibeenpwned.com (the site also lets you check whether a password has been seen in a breach, without sending the password itself). If they have, change those passwords everywhere you used them.
- Set your devices to lock automatically after three minutes of inactivity, and require a password or PIN to unlock them.
- Make sure you have reliable backups in a different location.
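As an added example (not part of the original week 5 notes), here is how the haveibeenpwned.com password check works under the hood, so you can see why it is safe to use: the password never leaves your machine. Only the first five characters of its SHA-1 hash are sent, the service replies with every known hash ending for that prefix, and the comparison happens locally (HIBP calls this k-anonymity). The sample response below is constructed for the demo; only the second suffix is the real tail of the SHA-1 of "password", and all the counts are made up. The live lookup needs network access and curl.

```shell
#!/bin/sh
# Added example: check a password against Have I Been Pwned's Pwned Passwords
# range API without ever sending the password. Needs sha1sum (coreutils);
# the live lookup also needs curl.

# Upper-case hex SHA-1 of the password, the form HIBP publishes.
pw_sha1() {
  printf '%s' "$1" | sha1sum | cut -c1-40 | tr 'abcdef' 'ABCDEF'
}

# hibp_count_in_range HASH RANGE_BODY
# RANGE_BODY is the API reply for HASH's 5-character prefix: one
# "SUFFIX:COUNT" line per known password. Prints the breach count, 0 if absent.
hibp_count_in_range() {
  hash="$1"; body="$2"
  suffix=$(printf '%s' "$hash" | cut -c6-40)
  count=$(printf '%s\n' "$body" | tr -d '\r' | grep -i "^$suffix:" | cut -d: -f2)
  printf '%s\n' "${count:-0}"
}

# hibp_check_offline PASSWORD RANGE_BODY: hash locally, then compare locally.
hibp_check_offline() {
  hibp_count_in_range "$(pw_sha1 "$1")" "$2"
}

# hibp_check_live PASSWORD: the real thing. Only the 5-char prefix is sent;
# Add-Padding asks HIBP to pad the reply so its size leaks nothing either.
hibp_check_live() {
  hash=$(pw_sha1 "$1")
  prefix=$(printf '%s' "$hash" | cut -c1-5)
  body=$(curl -sf -H 'Add-Padding: true' \
    "https://api.pwnedpasswords.com/range/$prefix") || return 2
  hibp_count_in_range "$hash" "$body"
}

# Constructed sample reply for prefix 5BAA6 (a real reply has hundreds of
# lines). Line 2 is the genuine SHA-1 tail of "password"; the other suffixes
# and every count are invented for this demo.
SAMPLE_RANGE_5BAA6='1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F5E7C9A2B1D0E3F4A5B6C7D8E9F0A1B2C3:0'

# Demo: "password" is in the sample range, so this prints 3861493.
hibp_check_offline 'password' "$SAMPLE_RANGE_5BAA6"
```

A non-zero count means the password is in a public breach list and attackers try those first, so change it even if you have never been breached yourself.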
For the rest, we suggest you pass these lists on to your IT service provider and get them to action it. Unless you’re an IT expert, of course!
Still with us? OK, let’s take it to the next level:
- Secure your data in the cloud. Use two-factor authentication, especially for remote access to your data.
- Prefer a cloud service hosted in the EU; its data protection and privacy rules (the GDPR) are among the strictest in the world. Wherever it is hosted, know which country your data sits in, because POPIA has rules about sending personal information outside South Africa.
- Don’t use outdated software or software no longer supported by the manufacturer (Windows XP, or, can you imagine, Windows 98!). Unsupported software gets no security fixes. Turn on automatic updates and make sure they are actually installed regularly (not every six months!).
- Use standard (non-administrator) accounts for everyday work, and only allow new software to be installed from an administrator account. Malware that runs under a standard account can do far less damage.
- Install malware protection software on all devices exposed to the internet.
- Set up and configure a boundary firewall, internet gateway, or equivalent network device between your network of computers and the internet.
- Make a weekly backup of your email and your cloud data onto an external hard drive, and either
  - encrypt the backup, or
  - disconnect the backup drive from your computer and store it somewhere safe (ideally both).
- Do not overwrite previous backups unless your backup disk is full: if ransomware or a mistake corrupts today’s data, an older copy is what saves you.
- Test every three months that you can actually restore files from your backup. A backup you have never restored from is a hope, not a plan.
- Make sure your email is stored not only on your computer but also on a server: use IMAP or a hosted mailbox rather than a POP3 account, which downloads mail to one machine and often deletes it from the server.
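To show what the backup steps above look like in practice, here is an added example (our illustration, not part of the original notes, and not a product your IT provider will necessarily use). It makes a versioned, encrypted backup, keeps every earlier copy, and includes the quarterly restore test. It assumes things the notes don’t state: the backup drive is mounted at a directory you pass in, and the passphrase is a one-line key file kept somewhere else (your password manager or a safe), never on the backup drive itself. It uses tar, openssl and sha256sum, which are on any Linux or macOS machine.

```shell
#!/bin/sh
# Added example: versioned, encrypted backup with a restore test.
# Assumptions (not from the original page): BACKUP_DIR is the mounted backup
# drive; KEYFILE is a one-line passphrase file stored away from that drive.

# make_key KEYFILE: generate a random passphrase file readable only by you.
make_key() {
  ( umask 077; openssl rand -base64 32 > "$1" )
}

# make_backup SRC_DIR BACKUP_DIR KEYFILE
# Writes BACKUP_DIR/backup-<timestamp>.tar.gz.enc plus a .sha256 checksum.
# Each run gets a fresh name, so earlier backups are never overwritten;
# a copy made before ransomware struck therefore survives.
make_backup() {
  src="$1"; dest="$2"; keyfile="$3"
  stamp=$(date +%Y%m%d-%H%M%S)
  out="$dest/backup-$stamp.tar.gz.enc"; n=1
  while [ -e "$out" ]; do              # run twice in one second: add a counter
    out="$dest/backup-$stamp-$n.tar.gz.enc"; n=$((n + 1))
  done
  # AES-256-CBC with a PBKDF2-derived key; the archive never touches the
  # drive unencrypted. (In bash, add 'set -o pipefail' so tar errors count.)
  tar -C "$src" -czf - . \
    | openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$keyfile" -out "$out" \
    || return 1
  sha256sum "$out" | cut -d' ' -f1 > "$out.sha256"
  printf '%s\n' "$out"
}

# restore_backup FILE KEYFILE DEST_DIR
# The quarterly restore test: verify the checksum, decrypt, extract.
# Fails (non-zero) on a corrupted file or a wrong passphrase instead of
# quietly extracting garbage.
restore_backup() {
  file="$1"; keyfile="$2"; dest="$3"
  want=$(cat "$file.sha256" 2>/dev/null)
  have=$(sha256sum "$file" | cut -d' ' -f1)
  [ -n "$want" ] && [ "$want" = "$have" ] \
    || { echo "checksum mismatch: $file" >&2; return 1; }
  tmp=$(mktemp) || return 1
  if ! openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$keyfile" \
        -in "$file" -out "$tmp" 2>/dev/null; then
    rm -f "$tmp"; echo "decrypt failed (wrong passphrase?): $file" >&2; return 1
  fi
  tar -C "$dest" -xzf "$tmp"; rc=$?
  rm -f "$tmp"
  return "$rc"
}

# prune_backups BACKUP_DIR KEEP
# Deliberately separate from make_backup: the rule is not to overwrite old
# backups unless the disk is full, so only run this when space is short.
# Removes all but the KEEP newest backups (and their checksums).
prune_backups() {
  ls -1t "$1"/backup-*.tar.gz.enc 2>/dev/null | tail -n +"$(($2 + 1))" \
    | while read -r f; do rm -f "$f" "$f.sha256"; done
}
```

Typical use: `make_key ~/backup.key` once, then weekly `make_backup ~/Documents /media/backupdrive ~/backup.key`, then unplug the drive. Every three months run `restore_backup` on the newest file into an empty folder and open a few of the restored documents; a restore that fails on a checksum or passphrase error is exactly what the test is there to catch.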
Remember to keep adding to your Risk Master sheet!
We know, it is a mouthful. We’ll shut up now … until next week.
Have a contract in place with your IT service provider (we’ll discuss operator contracts later) that includes a service level commitment and the performance of a security audit at least once a year.
Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.