The General Data Protection Regulation (GDPR) is now law in Europe, bringing implications for businesses in Asia. Organisations doing business with Europe now need dedicated budgets for regulatory compliance, but the costs need to be weighed against risks such as financial penalties and reputational damage.
Recent hacks and unethical business deals involving the release of personal information and the sharing or selling of user accounts have hit the headlines. This may be the tip of the iceberg, and with cyber crime escalating exponentially, businesses and individuals need to better protect personal data from identity theft, social engineering and other evolving threats.
The first step is to make yourself, your colleagues and your friends more aware of the existing and future threats to data.
How motivated attackers are to steal your data depends on the size of the gain and the probability of success. Successful data theft will cause significant financial and emotional losses to you and your business. It's not just about how much money you may lose but how much time it will take to recover, and don't forget how embarrassing it might be to have naively left your data under-protected or completely unprotected.
Protecting data should be a top priority in your SME business. It only takes a little time and thought to make your account, be it email, payment or other, hard to hack.
Passwords are the first line of defence for any account. If your email account has recently been hacked, you will have to change the password. Whilst you do that, what damage has already been done to your account, its contents and your contact list?
Prevention is better than cure, so check how secure your password is. Try out How Secure Is My Password and see how quickly your password could be cracked. This site will let you know if you are using a strong password or if you should revise it to something more difficult.
If you use Google for anything, make sure to enable 2-Step Verification. For added security, use a password manager. Don't forget to use some common sense too.
You and your staff may be the weakest link in your business security. Passwords and firewalls may be a first line of defence, but people still make mistakes. Creating a culture of security risk awareness among your staff requires top-down leadership. Standard Operating Procedures (SOPs) for data protection awareness should be easy to follow and clearly disseminated throughout your business.
You may be aware of threats that exist to your personal data. You may also not be aware of all the existing threats and the new threats that are evolving. Start with an initial assessment of the threats that you know of, then assess how much risk they actually pose to you (low, medium or high) and how likely they are to occur. If you know of a threat that is a high risk at the moment, can you actually figure out what damage it may cause to you personally?
Ask yourself a simple question: What is the most valuable data in my business? You may find it is your client database or online payment account. Then go ahead and check whether this critical asset is fully protected.
If you have been robbed, knowing who to report it to and how to report it are critical steps. Unfortunately, there are numerous institutions that will simply do nothing to help you in case of loss. They turn a blind eye to what has gone on for fear of doing more than their 'job's worth', or out of simple apathy. Useful help that will effectively resolve your losses through legal or other means is at hand, but you need to know where to look for it, and sometimes quickly.
Protecting your data can be simple and most of the time involves a few common-sense precautions. Everyone is at risk and the risks are rising. So wise up and make your accounts hard to hack. This will take one worry out of running your daily business.