Do you have a “cybersecurity mindset”? Do you recognize data security risks in daily workplace situations? Do you know how to handle data, documents, and IT devices securely at work and on the road?
Join us as we explore the need-to-know principle, secure passwords, the separation of private and professional data, and other helpful tips below.
Dealing With Data Securely
Data and documents are everywhere – therefore: Practice your cybersecurity skills!
People sometimes make mistakes. Some are smaller; some are bigger. That’s why we need to see things from a cybersecurity perspective in the workplace. Sometimes important documents are left lying on the desk or by the printer. There’s a private USB stick in the computer that the IT department doesn’t know about. What about the Post-it note in the corner of your monitor with your password on it? So, how are your cybersecurity skills?
What does “need-to-know basis” mean? Only those who need permission have it.
It kind of makes sense: Only those employees who require access to certain files in their job function should have access to those files. This is especially true for sensitive data. Anyone who wants to access data needs both authorization and a reason for the data release. This means that your organization can regularly check that users of data are also authorized to access it.
Passphrases are more secure than passwords. They contain several whole words, numbers, and special characters.
What makes a strong password? It should be complex enough that others can’t guess it, but you should be able to remember it yourself. Perhaps not so easy, you think? Passphrases, i.e. entire sentences whose initial letters or parts of words when put together make up your password, can be helpful when creating new passwords. You probably know a poem, a line from a song, or another catchy phrase that you can easily remember. Together with numbers (such as the date the song or poem was released, or the writer’s date of birth) and special characters, this makes for an excellent personal password.
Documents are only as secure as the place in which they are stored.
Are files spread across your desktop in lots of folders? On your private USB stick? This is a really bad idea. Only store documents in designated project folders and only use storage devices provided by your organization. It is not only digital documents that are of interest to outsiders. Documents containing sensitive information should not be left on your desk or the printer either.
Do not use private or third-party devices, cloud storage, or email services.
Saving a work document on your own cloud service to continue working on it at home might seem convenient, but don’t do it! Also, when working from home, you should only ever use your own organization’s systems and equipment. Private laptops and smartphones always pose a security risk, as do private email services. Ideally, your organization will provide you with the equipment that allows you to work from anywhere in accordance with data protection requirements.