(some tips and tricks to stay safe in the digital sphere and keep the digital infrastructure secure)
...
- Avoid using personal devices to access work-related information, or, if you need to do so, make sure that appropriate security measures are taken to protect your devices from a security breach.
(How is your computer protected? Also, keep in mind that your mobile device should also be protected and is a great vulnerability.)
- Keep your workstation password-protected, and lock it when not in use.
...
- Always use virus and malware protection programmes as well as a firewall.
- Keep your operating system, security software and other regularly used software up to date.
- Download only licensed, genuine copies of software from authentic sources. Educate yourself to use open source software, as community support makes it a robust and secure alternative.
- Always pay attention to the Terms and Conditions as well as Privacy Policy of any new software you are downloading on the work machines.
In particular, pay attention to the way your data is processed and if it is used for other purposes than providing the direct services to you, how you can exercise your rights to retract, alter, delete etc. your data, and, above all, if the service provider claims to be GDPR compliant.
In addition, if you would be entrusting someone else's personal information by entering into a contract with such a service provider, make sure you have the appropriate permission from them to do so.
...
Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Microsoft Edge, Apple Safari.
Access to the Internet
- Avoid using unprotected public internet. Pay attention to the Terms and Conditions and Privacy Policy before connecting to it.
If necessary, change the access credentials of the accounts after using such a connection.
Under no circumstances access sensitive information/databases/server when connected via an unprotected internet connection.
Consider using a virtual private network (VPN) for accessing information.
- If using other devices to access your accounts, use private/incognito mode in the web browser, so that your login information and web history, which might be confidential, are not stored.
Also, pay attention to the fact that different browsers have different private mode settings with regards to what information is deleted upon exiting the session.
...
- Do not write your password on a piece of paper or in an unencrypted file.
- Do not save your password in the web browser.
- Use strong passwords (letters/digits/symbols) and never use the same password for several tools/machines. Avoid using your name or other common identifiers about you in the password.
There are many articles online on how to create strong but meaningful passwords as well as random password generators.
...
- When writing your email, keep in mind the good practices that stop it from ending up in the spam folder - e.g. avoid using many pictures, hyperlinks whose displayed text has been renamed and does not reflect the actual link, forwarding emails, sending bulk emails from a non-personal email account, adding too many people to the list of recipients etc.
- Keep in mind the different tools that can give your emails extra protection. You can, for example, encrypt and password-protect them when sending, using the different tools available.
...
- Create regular backups. You might be able to use the organisation server as well as external hardware to do so. Research the pros and cons, as well as the level of security, of automatic backups (e.g. to the cloud) and manual ones (e.g. on a USB drive or external HDD), and whether it is best to use both in your particular case.
Always test the backup after creating it, to make sure it will work when/if ever needed.
Protect your backups from a security breach.
When backing-up confidential data, use appropriate security measures (e.g. encryption).
...
- Data Access: Access to user data should be granted only to authorised people within the workplace, and the access rights should be reviewed periodically. Further, data should be compartmentalised so that it can be easily delegated to the relevant person to process.
Handling other people’s personal data
- Please read the basics of personal data and GDPR changes here or a quick summary here. Keep in mind that there is a difference between “personal” and “sensitive” data, the latter to be handled with even more care.
- Before further processing personal information from participants in events/conferences be sure to have their consent. See your organisation's internal regulations on that.
In case of doubt about the level of sensitivity of the data, always contact the data controller to verify that before storing or transferring the data.
...
- Identify the most crucial parts of your work/data processed that should be protected/could be most vulnerable to potential threats.
- Keep track of and stay aware of what data about yourself you are exposing (e.g. see the practices of social engineering).
- The best security breach will be the one you don’t even notice, so always stay attentive to the details within your digital infrastructure/accounts. (Always check the reply address when sending off the email, or web URL when entering sensitive information in your browser).
- Read more to keep up to date with the latest trends in keeping your data secure. Ask your hierarchy for training if you need it, or if you need to educate your team, look for support materials.
There are many National Data Protection Authorities that are doing their best to help their beneficiaries get up to speed and share such support material with the public.
- Know your institution's line of action in case of a security breach. What is the protocol and the course of action? Who are the responsible people? Who should be informed and notified?
...
- GDPR is your friend.
It aims to give you more power to be in control of your data. Data is the new most valuable currency - so use your rights and be respectful towards others!
Do you know who can access/is storing your personal or sensitive information? If you are collecting data - have you made the people affected aware of that?
...