At this point in time, online safety is a serious matter and for businesses it can, literally, be a question of survival. Fortunately, staying safe online is much more about common sense and effective processes than it is about spending lots of money on high-tech security.
Start by working out what online-capable devices you have
You need to protect all devices which can go online, not just the obvious ones like computers, tablets and phones (although it can be easy to lose track of these especially in smaller companies), but also networked devices such as printers and “smart” appliances.
Each and every online-capable device needs to be monitored and provided with appropriate protection. This means physical protection (e.g. locking doors and windows to limit opportunities for tampering) as well as digital protection (e.g. antivirus programmes/apps).
Lock down communications
Train staff as to what constitutes sensitive data and have a policy for deciding if it needs to be transmitted (even internally) and if so how. (Most businesses should already have done this as part of their implementation of GDPR).
Then put systems in place to scan all regular communications for sensitive data and, if necessary, return them to the sender for review. This will also entail having a system in place for releasing “false positives” as there are bound to be some.
Limit both upload and download privileges and make sure only IT staff can install new software
These days many staff will have a genuine need to upload and download files, but their ability to do so should be limited to what is strictly necessary for their work. There should also be a process for them to be able to contact IT if they have a work-related reason for needing anything extra to be done for them.
Similarly, users should have to go through IT to have any new software installed on any device, including mobile devices.
Make use of secure, GDPR-compliant, remote document storage
There are all kinds of reasons for preferring digital documents to paper ones and at this point in time security may be top of the list (even ahead of reducing the need for storage space).
High-quality cloud-storage providers are almost certainly going to be in a much better position to implement robust security measures than the average business, even larger business, if only because they house their servers in data centres which are literally built from the ground up to maximize security even if this comes at the expense of convenience for both employees and customers, both of whom understand why such precautions are necessary.
Cloud-storage providers will also make sure that they keep on top of all the latest developments in the fast-moving world of IT security and promptly take all necessary measures to counter new threats as they arise.
Unlike SMEs, cloud-storage providers can easily justify the cost of investing in the latest and best security tools (both physical and digital) because keeping data secure is not just part of their business, it is their business.
Destroy your documents securely
Anything remotely sensitive should be properly shredded before it is recycled. In this context, “properly” means cross-cut into tiny pieces. Some companies may wish to invest in an on-site shredder, but in many cases it makes more sense just to use a third-party shredding service.
These companies will have invested in commercial shredders which will be far more powerful than anything which is likely to be within an SME’s budget.
So not only will you have the reassurance that the document shredding is done to a high standard, but you will also have the convenience of knowing that the shredder can deal with the likes of staples, so you don’t have to, plus you will get documentation to show that you used the company’s services which can be handy if you ever need to demonstrate your data-security standards.